最近开发过程中遇到了一个问题,之前没有太注意,这里记录一下。我用的SpringBoot版本是2.0.5,在跟前端联调的时候,有个请求因为用户权限不够就被拦截器拦截了,拦截器拦截之后打印日志然后response了一个错误返回了,但是前端Vue.js一直报如下跨域的错误,但是我是配置了跨域的。
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我的拦截器中代码如下:
private void writeResponse(HttpServletResponse response,
ResponseResult<?> respResult, JSONObject reqParams) {
PrintWriter writer = null;
try {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
writer = response.getWriter();
writer.write(JSON.toJSONString(respResult));
writer.flush();
} catch (Exception e) {
log.error("拦截器响应异常,respJson:"+reqParams, e);
} finally{
if(writer != null){
writer.close();
}
}
}我的拦截器是通过实现WebMvcConfigurer接口,然后重新其addCorsMappings(CorsRegistry registry)方法添加跨域设置的,具体如下所示:
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Bean
public UserCenterInterceptor userTokenInterceptor() {
return new UserCenterInterceptor();
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET","POST","OPTIONS")
.allowedOrigins("你要设置的域名")
.allowedHeaders("*")
.allowCredentials(true);
WebMvcConfigurer.super.addCorsMappings(registry);
}
}原因是请求经过的先后顺序问题,请求会先进入到自定义拦截器中,而不是进入Mapping映射中,所以返回的头信息中并没有配置的跨域信息,浏览器就会报跨域异常。
正确的设置跨域的方式是通过CorsFilter过滤器,具体代码如下:
@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setAllowCredentials(true);
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig());
return new CorsFilter(source);
}
}
扫一扫
1843
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
