跨域:指的是浏览器不能执行其他网站的脚本。它是由浏览器的同源策略造成的,是浏览器对JavaScript施加的安全限制。
同源策略:是指协议,域名,端口都要相同,其中一个不同都会产生跨域;
跨域流程
链接: link.
解决跨域 一 使用nginx部署为同一域
解决跨域 二 配置当次请求允许跨域
public class CorsWebFilter implements WebFilter {
private final CorsConfigurationSource configSource;
private final CorsProcessor processor;
public CorsWebFilter(CorsConfigurationSource configSource) {
this(configSource, new DefaultCorsProcessor());
}
public CorsWebFilter(CorsConfigurationSource configSource, CorsProcessor processor) {
Assert.notNull(configSource, "CorsConfigurationSource must not be null");
Assert.notNull(processor, "CorsProcessor must not be null");
this.configSource = configSource;
this.processor = processor;
}
@Configuration
public class MallCorsConfiguration {
@Bean
public CorsWebFilter corsWebFilter(){
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
//1,配置跨域
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.setAllowCredentials(true);
source.registerCorsConfiguration("/**",corsConfiguration);
return new CorsWebFilter(source);
}
}