@Component
@Order(1)
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
// 获取来源网站
String originStr = request.getHeader("Origin");
// 允许该网站进行跨域请求
// response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Origin", originStr);
// 允许的访问方法
response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT,HEAD");
// Access-Control-Max-Age 用于 CORS 相关配置的缓存
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type,content-type,rrbsecretkey,wrrbsecretkey,location,ab-barrel-ld,authentication,authtoken,weiyi-version,appid,cache-control,csrf-token,source,timestramp,token,Authorization");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
// 表示是否允许请求携带凭证信息,若要返回cookie、携带seesion等信息则将此项设置为true
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Pragma", "no-cache");
filterChain.doFilter(servletRequest, response);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
跨域配置类
最新推荐文章于 2022-10-25 15:22:26 发布