Notes on Implementing a Custom Token in an H5 App

When writing a hybrid app, we usually use a token instead of cookies to implement user sessions.

If it is released as a packaged app, the app ships with its own WebView environment, so its runtime relationship with the back-end server is equivalent to server-to-server and cross-origin issues generally do not arise.

But if it is released as an H5 app, it runs directly in the browser on the device, so CORS (cross-origin resource sharing) issues have to be handled.

Handling CORS mainly involves three aspects:

1. Simple requests: when the headers carry no additional information, the following can be added directly to the response headers:

response.setHeader("Access-Control-Allow-Origin", "*");            // origins allowed to make requests
response.setHeader("Access-Control-Allow-Methods", "POST, GET");   // allowed request methods
response.setHeader("Access-Control-Allow-Headers", "*");           // allow custom headers
response.setHeader("Access-Control-Max-Age", "3600");              // how long (in seconds) the browser may cache the preflight result

 

2. Complex requests: if the request or response headers contain additional information that needs to be processed, the browser sends a preflight request of type OPTIONS before each actual request, and sends the actual request only if the preflight gets the right response. The server therefore needs to handle the preflight request in addition to adding the response headers above:

String method = getRequest().getMethod().toUpperCase();
// Answer the CORS preflight with 204 No Content.
// Strings must be compared with equals(); == compares object references.
if ("OPTIONS".equals(method)) {
    response.setStatus(HttpStatus.SC_NO_CONTENT);
}

 

3. Sending the token: this is the most important part. If the token needs to be returned to the front end through a response header, then before sending the response you also need to add one extra line that grants permission:

response.setHeader("Access-Control-Expose-Headers", "MyAppTokenName");
response.setHeader("MyAppTokenName", TokenUtil.getToken());

 

The Access-Control-Expose-Headers line (highlighted in red in the original) is essential; without it, the front end will not receive the token string returned in the response.
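An added example (not code from the original post) that puts the three steps together as a plain-JDK function, with one change from the snippets above: it echoes back only origins on an allowlist instead of sending `*`. The origin `https://h5.example.com`, the class and method names, the header list and the sample token are assumptions; `MyAppTokenName` is the header name used in the post.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Run with: java CorsTokenDemo.java (needs Java 16+ for records)
public class CorsTokenDemo {
    // Assumed allowlist: the origin the H5 app is served from.
    static final Set<String> ALLOWED_ORIGINS = Set.of("https://h5.example.com");
    static final String TOKEN_HEADER = "MyAppTokenName"; // header name from the post

    /** Outcome of one request: HTTP status plus the response headers to send. */
    record Result(int status, Map<String, String> headers) {}

    static Result handle(String method, String origin, String token) {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Vary", "Origin"); // the response depends on Origin, so caches must key on it
        if (origin != null) {
            if (!ALLOWED_ORIGINS.contains(origin)) {
                // Unknown origin: no CORS headers and no token.
                return new Result(403, h);
            }
            // Step 1: echo the allowlisted origin instead of "*".
            h.put("Access-Control-Allow-Origin", origin);
        }
        if ("OPTIONS".equalsIgnoreCase(method)) {
            // Step 2: answer the preflight; the token is never attached here.
            h.put("Access-Control-Allow-Methods", "POST, GET");
            h.put("Access-Control-Allow-Headers", "Content-Type, " + TOKEN_HEADER);
            h.put("Access-Control-Max-Age", "3600");
            return new Result(204, h);
        }
        // Step 3: expose the custom header so front-end script can read it.
        h.put("Access-Control-Expose-Headers", TOKEN_HEADER);
        h.put(TOKEN_HEADER, token);
        return new Result(200, h);
    }

    public static void main(String[] args) {
        String token = "constructed-sample-token"; // stands in for TokenUtil.getToken()
        System.out.println(handle("OPTIONS", "https://h5.example.com", token));
        System.out.println(handle("POST", "https://h5.example.com", token));
        System.out.println(handle("POST", "https://other.example.net", token));
    }
}
```

The three calls in `main` show the preflight answer, the actual response carrying the exposed token header, and the rejection of an origin that is not on the allowlist.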

 


Origin www.cnblogs.com/netWild/p/12580368.html