- @CrossOrigin注解
在Controller类上添加注解@CrossOrigin即可
@CrossOrigin
@RestController
public class publicController {
@RequestMapping("/se")
public String se(String page) {
System.out.println("访问成功!");
return page;
}
}
- 定义一个WebMvcConfig.java
@Configuration
public class CORSConfig {
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("*")
.allowedOrigins("*");
}
};
}
}
- 过滤器,定义filter.java
public class AllowOriginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO 其他处理
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
String origin = request.getHeader("Origin");
if (StringUtils.isNotBlank(origin)) {
//设置响应头,允许跨域访问
//带cookie请求时,必须为全匹配,不能使用*
/**
* 表示允许 origin 发起跨域请求。
*/
response.addHeader("Access-Control-Allow-Origin", origin);
}
/**
* GET,POST,OPTIONS,PUT,DELETE 表示允许跨域请求的方法
*/
response.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
/**
* 表示在86400秒内不需要再发送预校验请求
*/
response.addHeader("Access-Control-Max-Age", "86400");
//支持所有自定义头
String headers = request.getHeader("Access-Control-Request-Headers");
if (StringUtils.isNotBlank(headers)) {
//允许JSON请求,并进行预检命令缓存
response.addHeader("Access-Control-Allow-Headers", headers);
}
response.addHeader("Access-Control-Max-Age", "3600");
//允许cookie
response.addHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(servletRequest, response);
}
@Override
public void destroy() {
// TODO 其他处理
}
}
- 什么是CROS?
CROS是一个W3C标准,全称是“跨域资源共享”(Cross-origin resource sharing),允许浏览器向跨源服务器,发出XMLHttpRquest请求,从而克服了AJAX只能同源使用的限制。它通过服务器增加一个特殊的Header[Access-Control-Allow_Origin]来告诉客户端跨域的限制,如果浏览器支持CORS、并且判断Origin通过的话,就会允许XMLHttpRequest发起跨域请求。
CORS Header
//允许http://www.xxx.com域(自行设置)发起跨域请求
- Access-Control-Allow-Origin: http://www.xxx.com
//设置在86400秒不需要再发送预校验请求 - Access-Control-Max-Age:86400
//设置允许跨域请求方法 - Access-Control-Allow-Methods:GET, POST, OPTIONS, PUT, DELETE
//允许跨域请求包含content-type - Access-Control-Allow-Headers: content-type
//设置允许Cookie - Access-Control-Allow-Credentials: true
用法
Controller类上添加
@CrossOrigin(origins = “http://xxx.com”, maxAge = 86400)//设置在86400秒不需要再发送预校验请求