Solving cross-origin problems with CORS in Spring Boot

https://www.cnblogs.com/lnas01/p/10343165.html Please credit the source when reposting.

Suppose a user visits http://www.example.com and the page attempts a cross-origin request to fetch the user's data from http://service.example.com. A CORS-compatible browser will attempt to make a cross-origin request to service.example.com as follows.

  1. The browser sends the OPTIONS request with an Origin HTTP header to service.example.com containing the domain that served the parent page:
    Origin: http://www.example.com
  2. The server at service.example.com may respond with:
    • An Access-Control-Allow-Origin (ACAO) header in its response indicating which origin sites are allowed. For example:
      Access-Control-Allow-Origin: http://www.example.com
      Since www.example.com matches the parent page, the browser then performs the cross-origin request.
JSONP supports only GET requests; CORS has broader support than JSONP.

package com.baselogic.boot.corsdemo;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * CORS Filter
 *
 * This filter is an implementation of W3C's CORS
 * (Cross-Origin Resource Sharing) specification,
 * which is a mechanism that enables cross-origin requests.
 *
 * It must be registered with the application (for example as a Spring bean)
 * before it takes part in the filter chain.
 */
public class CORSFilter extends GenericFilterBean implements Filter {

    private Logger logger = LoggerFactory.getLogger(this.getClass());

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // "*" lets a page from any origin read the response.
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
//        httpResponse.setHeader("Access-Control-Allow-Methods", "*");
        // Methods the browser may use in the actual cross-origin request.
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");

//        httpResponse.setHeader("Access-Control-Allow-Headers", "*");
        // Request headers the calling page is allowed to send.
        httpResponse.setHeader("Access-Control-Allow-Headers",
                "Origin, X-Requested-With, Content-Type, Accept, X-Auth-Token, X-Csrf-Token, WWW-Authenticate, Authorization");
        // Response headers that the calling script is allowed to read.
        httpResponse.setHeader("Access-Control-Expose-Headers", "custom-token1, custom-token2");
        // Cookies and HTTP authentication are not allowed on cross-origin calls.
        httpResponse.setHeader("Access-Control-Allow-Credentials", "false");
        // The browser may cache the preflight result for 3600 seconds.
        httpResponse.setHeader("Access-Control-Max-Age", "3600");

        // Collect every response header set so far for the debug log.
        StringBuilder sb = new StringBuilder();
        sb.append("\nCORS HEADERS:\n");
        sb.append("---------------\n");
        httpResponse.getHeaderNames()
                .forEach(name -> {
                            sb.append(name).append(": ").append(httpResponse.getHeader(name)).append("\n");
                        }
                );
        logger.debug("********** CORS Configuration Completed **********");
        logger.debug(sb.toString());

        // Hand the request on to the rest of the filter chain.
        chain.doFilter(request, response);
    }


} // The End...
 
