为什么要跨域,一般是由A域名下的页面,调用B域名下的服务而导致跨域,B的服务会正常响应,但是由于浏览器的同源策略问题
导致浏览器本地报错,报跨域错误。前端的解决方案通常是避开浏览器跨域,或者使用代理服务器中间转发,而后端的解决方案则是通过在响应头response 中高速浏览器服务允许跨域。
前端解决方案: https://cloud.tencent.com/developer/article/1175899
一、springboot项目的跨域实现
1、针对一个方法的跨域解决
@CrossOrigin(origins = "http://localhost:9000")
@GetMapping("/greeting")
public Greeting greeting(@RequestParam(required=false, defaultValue="World") String name) {
System.out.println("==== in greeting ====");
return new Greeting(counter.incrementAndGet(), String.format(template, name));
}
通过注解 @CrossOrigin(origins = "http://localhost:9000") 实现
2、针对整个项目的跨域解决
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/greeting-javaconfig").allowedOrigins("http://localhost:9000");
}
};
}
在启动类(src/main/java/hello/Application.java)中添加如上代码
二、普通web项目的跨域实现
@Component(value = "SessionFilter")
@Order(Integer.MIN_VALUE)
@WebFilter(filterName = "SessionFilter", urlPatterns = {"/*"})
public class SessionFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(SessionFilter.class);
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
log.info("Enter filter: sesionFilter");
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
Set<String> allowedOrigins = new HashSet<>();
allowedOrigins.add("https://h5.leshuazf.com");
allowedOrigins.add("https://checkin.lepass.cn");
String originHeader = request.getHeader("Origin");
if (allowedOrigins.contains(originHeader)) {
response.setHeader("Access-Control-Allow-Origin", originHeader);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with,agentId");
response.setHeader("Access-Control-Allow-Credentials", "true");
}
String uri = request.getRequestURI();
log.info("filter_url:{}", uri);
filterChain.doFilter(request, response);
}
@Override
public void destroy() {
}
}