1.同源策略和跨域
先明白同源策略
https://www.zhihu.com/question/26376773
2.gateway设置跨域
官方通过配置文件,https://docs.spring.io/spring-cloud-gateway/docs/current/reference/html/#cors-configuration
spring:
cloud:
gateway:
globalcors:
cors-configurations:
'[/**]':
allowedOrigins: "https://docs.spring.io"
allowCredentials: true
allowedMethods:
- GET
或者通过配置类,注意 allowCredentials(允许携带cookie) 为true, allowedOrigins(指定哪些域名可以访问) 不可以为"*"
这两种配置都可以,其中一种即可,如果配置了浏览器访问还有问题,则检查前端
@Configuration
public class GatewayCorsConfiguration {
@Bean
public CorsWebFilter corsWebFilter(){
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedMethod("*");
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/**", config);
return new CorsWebFilter(source);
}
}
3.vue axios 设置携带cookie
设置withCredentials: true
或者这样