然后后端一般都是加上这个
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
发现没啥用,继续报错,不过这次有点不一样
Access to XMLHttpRequest at 'https://xxxxx:7302/' from origin 'http://localhost:7211' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
这个是代表通配符错误,不能使用通配符处理,所要加上前端访问的地址
response.setHeader("Access-Control-Allow-Origin","http://192.168.0.23:7211");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
加了发现还是会报错
has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
这种情况表示要设置withCredentials 请求
后端加上代码
response.setHeader("Access-Control-Allow-Origin","http://192.168.0.23:7211");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
//这里设置Credentials为true 也可以前端设置为false
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
跨域问题解决
问题来啦了
如果有多个前端怎么加多域名呢,最终解决方案
public class SimpleCORSFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
String [] allowDomain= {"http://192.168.0.10:7211","http://192.168.0.23:7211"};
Set<String> allowedOrigins= new HashSet<String>(Arrays.asList(allowDomain));
String originHeader=((HttpServletRequest) servletRequest).getHeader("Origin");
if (allowedOrigins.contains(originHeader)) {
response.setHeader("Access-Control-Allow-Origin", originHeader);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
}
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void init(FilterConfig filterConfig) {}
@Override
public void destroy() {}
}
spring boot 最终方案
@SpringBootConfiguration
public class MyWebConfigurer implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry corsRegistry){
/**
* 所有请求都允许跨域,使用这种配置就不需要
* 在interceptor中配置header了
*/
corsRegistry.addMapping("/**")
.allowCredentials(true)
.allowedOrigins("http://192.168.0.10:7211","http://192.168.0.23:7211")
.allowedMethods("POST", "GET", "PUT", "OPTIONS", "DELETE")
.allowedHeaders("*")
.maxAge(3600);
}
}```