现在前后端分离开发越来越多了,分工越来越细了,前端页面启动的可能是单独一个域名去访问的,然后需要调用服务器的时候涉及到跨域访问了。比如在服务器设置http://localhost:8080的可以访问我们的服务。这种单个域名跨域访问的很简单,但是多个域名同时跨域访问的就要稍微处理一下才行,比如我们的服务器可以同时满足http://localhost:8080的和http://localhost:8081的,甚至还有http://192.168.0.2的。
下面是我的配置,和跨域名处理的代码。有问题请留言。
web.xml 添加过滤器
<filter>
<filter-name>cors</filter-name>
<filter-class>com.********.server.route.filter.CrossFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
CrossFilter 代码如下
private Logger log = LoggerFactory.getLogger(getClass());
private static List<String> configOrigin=new ArrayList<String>();
@Override
protected void initFilterBean() throws ServletException {
super.initFilterBean();
log.info("初始化跨域域名");
if(ConfigUtil.clientH5Host!=null){
//从配置文件读取允许跨域访问的域名, 比如 http:localhost:8080 , 多个域名用逗号隔开就好
configOrigin=Arrays.asList(ConfigUtil.clientH5Host.split(","));
}
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
String requestOrigin = request.getHeader("Origin");
log.debug("跨域设置开始,origin={}, configOrigin={}",requestOrigin, ConfigUtil.clientH5Host);
if(requestOrigin!=null && configOrigin.contains(requestOrigin)){
response.addHeader("Access-Control-Allow-Origin",requestOrigin);
} else{
//不允许访问
}
response.addHeader("Access-Control-Allow-Methods", "GET, POST");
response.addHeader("Access-Control-Allow-Headers",
"Access-Control-Allow-Headers,Content-Type,token,token_,Access-Control-Allow-Origin,"
+ "Access-Control-Allow-Methods,Access-Control-Max-Age");
response.addHeader("Access-Control-Max-Age", "1800"); //30 min
response.addHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(request, response);
}
关键配置的读取,请看我的另一篇文章:不同环境配置多个配置文件。