第一种方式,全局配置
@Configuration
public class kuayu implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
//allowedOrigins 里面的值,可以是请求时Origins的具体值,要么是 * ,接受任意域名请求
.allowedOrigins("*")
//allowedMethods 里面的值,表明服务器支持的所有跨域请求方法
.allowedMethods("GET","HEAD","POST","PUT","DELETE","OPTIONS")
//allowCredentials 表示 是否允许发送Cookie,默认不发送
.allowCredentials(true)
//maxAge 表示本次预检请求的有限期,单位秒
.maxAge(3600)
//allowedHeaders 表示跨域请求时,XMLHttpRequest对象的getResponseHeader()拿到的字段
.allowedHeaders("*");
}
}
第二种方式,基于过滤器
@WebFilter(filterName = "CorsFilter")
@Configuration
public class kuayu implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response1=(HttpServletResponse)response;
response1.setHeader("Access-Control-Allow-Origin","*");
response1.setHeader("Access-Control-Allow-Credentials","true");
response1.setHeader("Access-Control-Allow-Method","GET,POST,PUT,DELETE,PATCH");
response1.setHeader("Access-Control-Max-Age","3600");
response1.setHeader("Access-Control-Allow-Headers","Origin,X-Requested-With,Content-Type,Accept");
chain.doFilter(request,response);
}
}
第三种,注解(最小级别,精确到单个请求级别)
public class kuayu {
@CrossOrigin(origins = "http://localhost:4000")
@GetMapping("goods-url")
public Response queryGoodsWithGoodsUrl(@RequestParam String goodsUrl) throws Exception{}
}
上面三者选其一,一般来说第一种或第二种在几个域中使用。