解决跨域问题遇到的坑
package com.example.demo.config;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class CorsConfig extends HttpFilter {
/**
* 这个是项目中使用的解决跨域问题的方式
* 项目 spring-boot的版本是:2.1.16.RELEASE
*/
// @Bean
// public CorsFilter corsFilter() {
// final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// final CorsConfiguration corsConfiguration = new CorsConfiguration();
// corsConfiguration.setAllowCredentials(true);
// corsConfiguration.addAllowedHeader("*");
// corsConfiguration.addAllowedOrigin("*");
// corsConfiguration.addAllowedMethod("*");
// source.registerCorsConfiguration("/**", corsConfiguration);
// return new CorsFilter(source);
// }
/**
* spring-boot项目升级到2.4.0时,上面的解决跨域方式就有问题了,
* 设置setAllowCredentials(true)时,addAllowedOrigin("*")这个里面就不能使用 * 表示了
* 使用下面的这个解决跨域方式,可以解决2.4.0跨域问题
* 注意:
* res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, x-requested-with, Content-Type, Accept, Authorization,TenantId");
* 其中的 TenantId 是我自己添加的,在项目中,前端会传这个值,所以需要添加
*/
private static final long serialVersionUID = -8387103310559517243L;
@Override
protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
String origin = req.getHeader(HttpHeaders.ORIGIN);
if (!StringUtils.isEmpty(origin)) {
res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, x-requested-with, Content-Type, Accept, Authorization,TenantId");
res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, OPTIONS, DELETE");
res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma");
res.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "60");
}
super.doFilter(req, res, chain);
}
}
每天进步一点点,不知不觉,你拥有的会超乎你的想象,与大家共勉!