本文适用参考于web服务端设置跨域时的实现情景。
一般来说,跨域请求的关键在于服务器是否允许,只要服务器允许端口的跨域请求,客户端(浏览器)就可以使用正常的请求方式发出请求。
那浏览器如何设置允许跨域请求呢?!
当然与 HTTP的报文头 有关咯!
在服务端 需要允许跨域的接口下,添加如下HTTP报文头,及其对应的值:
// 设置允许Cookie "Access-Control-Allow-Credentials", "true" // 允许http://www.xxx.com域 发起跨域请求,或者用 * 允许所有跨域请求 "Access-Control-Allow-Origin", "www.xxx.com" // 设置允许跨域请求的方法 "Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH" // 允许跨域请求包含content-type "Access-Control-Allow-Headers", "Content-Type, Accept, Origin, X-Requested-With"
以springboot开发的web项目为例,可以有以下两个方法提供参考
方法一
为接口添加 @CrossOrigin 注解
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@RestController
@RequestMapping("staffInfo")
@CrossOrigin
public class StaffInfoController {
@PostMapping
public ResponseResult postStaffInfo(@RequestBody List<Entity> entityList) {
/*
此处省略n行代码
*/
return null;
}
}
方法二
通过web 过滤器来为每个此http相应添加报文头
@Component
@WebFilter(urlPatterns = "/*", filterName = "corsFilter")
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse) response;
HttpServletRequest req = (HttpServletRequest) request;
// 设置允许Cookie
res.addHeader("Access-Control-Allow-Credentials", "true");
// 允许http://www.xxx.com域(自行设置,这里只做示例)发起跨域请求
res.addHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
// 设置允许跨域请求的方法
res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH");
// 允许跨域请求包含content-type
res.addHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Origin, X-Requested-With");
if (((HttpServletRequest) request).getMethod().equals("OPTIONS")) {
response.getWriter().println("ok");
return;
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}