springmvc解决跨域:
第一种:
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration//自动配置
public class CrosConfig implements WebMvcConfigurer {
//重新addCorsMappings方法
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") //添加映射路径,“/**”表示对所有的路径实行全局跨域访问权限的设置
.allowedOrigins("*") //开放哪些ip、端口、域名的访问权限
.allowedMethods( "GET", "POST", "PUT", "OPTIONS", "DELETE") //开放哪些Http方法,允许跨域访问
.allowCredentials(true) //是否允许发送Cookie信息
.maxAge(3600)
.allowedHeaders("*"); //允许HTTP请求中的携带哪些Header信息
}
}
第二种:
@CrossOrigin`注解
此注解既可用于方法也可用于类
源码如下:
@CrossOrigin(origins = "http://www.zhihu.com")
@RequestMapping(value = "/allProductions", method = RequestMethod.GET)
public Result getAllOldProductions() {
}
@CrossOrigin`注解既可注解在方法上,也可注解在类上。
第三种:
XML全局配置(springmvc配置文件)
所有跨域请求都可以访问
<mvc:cors>
<mvc:mapping path="/**" />
</mvc:cors>
更详细的配置:
<mvc:cors>
<mvc:mapping path="/api/**"
allowed-origins="http://domain1.com, http://domain2.com"
allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
<mvc:mapping path="/resources/**"
allowed-origins="http://domain1.com" />
</mvc:cors>
以上是springmvc解决跨域问题的方法,下面是原生servlet项目解决跨域问题的方法:
创建一个拦截器,设置响应头
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter("*.action")
public class CORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
Filter.super.init(filterConfig);
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse resp = (HttpServletResponse) servletResponse;
HttpServletRequest req = (HttpServletRequest) servletRequest;
filterChain.doFilter(req,resp);
resp.setContentType("text/html;charset=UTF-8");
//禁用缓存,确保网页信息是最新数据
resp.setHeader("Pragma","No-cache");
resp.setHeader("Cache-Control","no-cache");
resp.setHeader("Access-Control-Allow-Origin", "*");
resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, HEAD, DELETE, PUT");
resp.setHeader("Access-Control-Max-Age", "3600");
resp.setHeader("Access-Control-Allow-Headers",
"X-Requested-With, Content-Type, Authorization, Accept, Origin, User-Agent, Content-Range, Content-Disposition, Content-Description");
resp.setDateHeader("Expires", -10);
}
@Override
public void destroy() {
Filter.super.destroy();
}
}
@WebFilter("*.action")这里的路径根据实际项目更改