自定义CorsFilter Bean
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = getCorsConfigurationSource();
return new CorsFilter(source);
}
public UrlBasedCorsConfigurationSource getCorsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;
}
}
如果使用了Spring Security,还需要再security config中也添加跨域支持
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityWebConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CorsConfig corsConfig;
@Override
public void configure(HttpSecurity http) throws Exception {
...
http.cors().configurationSource(corsConfig.getCorsConfigurationSource());
...
}
}