在学习Spring Security OAuth2时,使用前后端分离,前端端口8080通过ajax访问端口为8083的后端,发现一直报错cors block…
之后在查询各大解决方案时有说用
.permitAll()
.antMatchers(HttpMethod.OPTIONS)
.permitAll()
.requestMatchers(CorsUtils::isPreFlightRequest)
.permitAll()
或者,在返回corsFilter的方法上添加@Bean都没有成功
最后通过实现 Filter接口自己写一个cors的过滤器成功了
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsConfig implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
//允许所有的域访问
response.setHeader("Access-Control-Allow-Origin", "*");
//允许所有方式的请求
response.setHeader("Access-Control-Allow-Methods", "*");
//头信息缓存有效时长(如果不设 Chromium 同时规定了一个默认值 5 秒),没有缓存将已OPTIONS进行预请求
response.setHeader("Access-Control-Max-Age", "3600");
//允许的头信息
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
}