Spring Boot CORS cross-domain access
What is cross-domain
The browser's same-origin policy: the same-origin policy is the core of the browser and its most basic security feature; without it, the browser's normal functions could be affected. The Web can be said to be built on the same-origin policy, and the browser is just one implementation of it. The same-origin policy prevents JavaScript and content from one domain from interacting with content from another domain. Two pages have the same origin (that is, they are in the same domain) when they have the same protocol, host and port number.
A request is cross-domain when any one of the protocol, domain name or port of the requested URL differs from that of the current page URL.
For example:
Current page URL | Requested page URL | Cross-domain? | Reason |
---|---|---|---|
http://www.test.com/ | http://www.test.com/index.html | No | Same origin (same protocol, domain name and port number) |
http://www.test.com/ | https://www.test.com/index.html | Cross-domain | Different protocols (http / https) |
http://www.test.com/ | http://www.baidu.com/ | Cross-domain | Different primary domain name (test / baidu) |
http://www.test.com/ | http://blog.test.com/ | Cross-domain | Different subdomain (www / blog) |
http://www.test.com:8080/ | http://www.test.com:7001/ | Cross-domain | Different port numbers (8080 / 7001) |
Cross-domain restrictions
[1] Cannot read the Cookie, LocalStorage and IndexedDB of pages from a different origin
[2] Cannot access the DOM of pages from a different origin
[3] Cannot send AJAX requests to addresses of a different origin
Building cross-domain access with CORS in Spring Boot
Build a cross-domain resource server on a Spring Boot project so that Ajax requests from outside the site can access it.
Method one:
Add @CrossOrigin to each Controller.
@CrossOrigin has 2 parameters:
origins: the list of domains allowed to access
maxAge: the maximum time (in seconds) for which the preflight response may be cached.
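Without @CrossOrigin:
```java
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestRequestLogController {
    // No CORS headers are added, so browsers block cross-origin reads of this response
    @RequestMapping("/request_log")
    public String TestRequestLog(@RequestParam String name) {
        return "hello " + name;
    }
}
```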
With @CrossOrigin:
Method two:
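```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {
    private CorsConfiguration corsConfiguration() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        // Any request header is accepted
        corsConfiguration.addAllowedHeader("*");
        // Only GET and POST are allowed cross-origin
        corsConfiguration.addAllowedMethod(HttpMethod.GET);
        corsConfiguration.addAllowedMethod(HttpMethod.POST);
        // Any origin is allowed
        corsConfiguration.addAllowedOrigin("*");
        return corsConfiguration;
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        // Apply the configuration to every path
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration());
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }
}
```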
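The configuration above allows every origin through addAllowedOrigin("*"), so any web page can read the responses. As an added example (not code from the original page), the same filter restricted to named origins; the class name RestrictedCorsConfig, the two example.com origins, the header list and the /test/** path pattern are assumptions chosen for illustration.

```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

// Hypothetical replacement for CorsConfig (register only one corsFilter bean).
@Configuration
public class RestrictedCorsConfig {

    // Assumed front-end origins; protocol, host and port must match exactly.
    private static final String[] ALLOWED_ORIGINS = {
            "https://app.example.com",
            "https://admin.example.com"
    };

    private CorsConfiguration corsConfiguration() {
        CorsConfiguration config = new CorsConfiguration();
        // Only the listed origins receive Access-Control-Allow-Origin;
        // a CORS request from any other origin is rejected by the filter.
        config.setAllowedOrigins(Arrays.asList(ALLOWED_ORIGINS));
        config.addAllowedMethod(HttpMethod.GET);
        config.addAllowedMethod(HttpMethod.POST);
        // Name the request headers the client really sends instead of "*".
        config.setAllowedHeaders(Arrays.asList("Content-Type", "Accept"));
        // Browsers may cache the preflight result for one hour.
        config.setMaxAge(3600L);
        // allowCredentials is left unset, so the response carries no
        // Access-Control-Allow-Credentials header.
        return config;
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Enable CORS only for the controller paths that need it, not "/**".
        source.registerCorsConfiguration("/test/**", corsConfiguration());
        return new CorsFilter(source);
    }
}
```

If the front end must send cookies, call setAllowCredentials(true) and keep the explicit origin list: Spring Framework 5.3 and later refuse the combination of credentials with the "*" origin.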