附上大神的地址:https://www.imooc.com/learn/947
本文主要是对大神讲的跨域问题的后端解决方案做文字性总结
1.为什么会产生ajax跨域
1.浏览器限制
2.本身跨域,就是自身的域名与访问的域名(协议,域名,端口任何一个不一样)
3.发出去的请求是XHR(XMLHttpRequest)请求
三者同时满足才有可能产生ajax跨域问题
2.跨域的解决方向
分为调用方解决与被调用方解决
2.1 被调用方解决
可以通过服务器端实现或者nginx实现(实现效果一样)
2.1.1服务器端实现
1>. 增加过滤器
@Bean
public FilterRegistrationBean registerFilter() {
FilterRegistrationBean bean = new FilterRegistrationBean();
bean.addUrlPatterns("/*");
bean.setFilter(new CrosFilter());
return bean ;
}
package com.imooc;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.util.buf.StringUtils;
public class CrosFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletResponse res = (HttpServletResponse) response;
HttpServletRequest req = (HttpServletRequest) request;
String origin = req.getHeader("Origin");
if (!org.springframework.util.StringUtils.isEmpty(origin)) {
//带cookie的时候,origin必须是全匹配,不能使用*
res.addHeader("Access-Control-Allow-Origin", origin);
}
res.addHeader("Access-Control-Allow-Methods", "*");
String headers = req.getHeader("Access-Control-Request-Headers");
// 支持所有自定义头
if (!org.springframework.util.StringUtils.isEmpty(headers)) {
res.addHeader("Access-Control-Allow-Headers", headers);
}
res.addHeader("Access-Control-Max-Age", "3600");
// enable cookie
res.addHeader("Access-Control-Allow-Credentials", "true");
chain.doFilter(request, response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
2.1.2 nginx 配置
2.1.3 在对应的restController 层增加@CrossOrigin注解(不建议使用,麻烦)
2.2 调用方实现
在调用方的http 服务器的反向代理转发到被调用方的,在浏览器上看不到任何跨域请求