在开发中,遇到跨域问题,按照网上的很多blog操作,总是出现错误,于是总结下来,供大家参考,由于spring-cors支持1.8,所以我用的是过滤器方式
1、在网上copy一种案例,到我项目,如下web.xml和自定义filter
<filter>
<filter-name>cors</filter-name>
<filter-class>****.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CORSFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.addHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
(2)报错
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin '*****.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
解决办法:把“*” 替换成自己项目的访问ip或者域名,这里我们项目是(http://localwww.chuangkit.com)
所以:
response.setHeader("Access-Control-Allow-Origin", "http://localwww.chuangkit.com");(3)这样以后,报错
The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin '*com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
解决办法:加返回值
response.setHeader("Access-Control-Allow-Credentials","true");就可以正常访问