1. Demand background
If there is a need to expose a certain interface to external service calls in the project, there will inevitably be a cross-domain situation for web projects, so how to solve this cross-domain?
2. Implementation plan
i. CORSFilter
public class CORSFilter implements Filter {
private static final Logger logger = LoggerFactory.getLogger(CORSFilter.class);
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
//域名列表
String domains = "A,B,C";
try {
String originHeads = request.getHeader("Origin");
LoggerUtil.info(logger, "[CORSFilter] domain=", originHeads, ",diamond domains=", domains);
String[] corsList = domains.split(",");
for (String domain : corsList) {
if (!domain.equals(originHeads)) {
continue;
}
response.setHeader("Access-Control-Allow-Origin", domain);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "0");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With, X-XSRF-TOKEN");
}
} catch (Exception ex) {
LoggerUtil.error(logger, ex, "[CORSFilter] domains split err=");
}
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
Note : Only one domain name can be allowed per request, so here you have to traverse and set the allowable domain names
ii Register CORSFilter in web.xml
<!-- CORS Filter -->
<filter>
<filter-name>CORSFilter</filter-name>
<filter-class>com.xxx.config.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORSFilter</filter-name>
<url-pattern>/cors/*</url-pattern>
</filter-mapping>
Configuration needs to implement cross-domain interface URL wildcarding