出于安全原因,浏览器禁止Ajax调用驻留在当前原点之外的资源。即浏览器不能执行其他网站的脚本。它是由浏览器的同源策略造成的,是浏览器对JavaScript施加的安全限制
跨源资源共享(CORS)是由大多数浏览器实现的W3C规范,它允许以灵活的方式指定授权何种类型的跨域请求,而不是使用一些安全性较低且功能较弱的技术,如IFrame或JSONP
spring 4.2 及以上版本为CORS开箱即用提供了很好的支持,与典型的基于过滤器的解决方案相比,它提供了一种更容易、更强大的配置CORS的方法。只需在 controller 的类名、或方法名上加 @CrossOrigin 注解即可
package com.demo.controller;
import java.util.HashMap;
import java.util.Map;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/account")
public class CorsController {
@CrossOrigin //默认对所有ip都有效,等于 @CrossOrigin(origins = "*")
@RequestMapping("/retrieve")
public Object retrieve() {
Map<String, Object> map = new HashMap<String, Object>();
map.put("name", "ShakeSpeare");
return map;
}
}
package com.demo.controller;
import java.util.HashMap;
import java.util.Map;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/account")
public class CorsController {
@CrossOrigin(origins = "http://localhost") //只对某一ip有效
@RequestMapping("/retrieve")
public Object retrieve() {
Map<String, Object> map = new HashMap<String, Object>();
map.put("name", "ShakeSpeare");
return map;
}
}
package com.demo.controller;
import java.util.HashMap;
import java.util.Map;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/account")
public class CorsController {
@CrossOrigin(origins = {"Http://localhost", "http://localhost:8089"}) //通过数组形式配置多个ip
@RequestMapping("/retrieve")
public Object retrieve() {
Map<String, Object> map = new HashMap<String, Object>();
map.put("name", "ShakeSpeare");
return map;
}
}
package com.demo.controller;
import java.util.HashMap;
import java.util.Map;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@CrossOrigin(origins = {"Http://localhost", "http://localhost:8089"}) //在类上配置ip
@RestController
@RequestMapping("/account")
public class CorsController {
@RequestMapping("/retrieve")
public Object retrieve() {
Map<String, Object> map = new HashMap<String, Object>();
map.put("name", "ShakeSpeare");
return map;
}
}