Preface
For the basic handling of cross-domain issues, see the previous article: https://blog.csdn.net/Mint6/article/details/104468530 , this can solve most problems.
There are four ways to solve the cross-domain problem back-end: https://blog.csdn.net/Mint6/article/details/104726325 .
If you are using shiro, you have tried the above steps, and there are still the following problems, please see the solutions in this article.
problem
Copy the main tips
A cookie associated with a cross-site resource at http://127.0.0.1/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.Because of the cross-domain problem, the cookie cannot be carried and the redirection fails. 1. Make it clear that this situation is a cross-domain problem.
Analysis process
(1) Cross-domain: In fact, I have already used this article ( https://mp.csdn.net/console/editor/html/104726325 ). Method 2: Rewriting WebMvcConfigurer is solved. When the front-end and back-end joint debugging are performed, the interface It can be adjusted.
@Configuration
public class WebMvcConfg implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
//设置允许跨域的路径
registry.addMapping("/**")
//设置允许跨域请求的域名
//当**Credentials为true时,**Origin不能为星号,需为具体的ip地址【如果接口不带cookie,ip无需设成具体ip】
.allowedOrigins("http://localhost:9527", "http://127.0.0.1:9527", "http://127.0.0.1:8082", "http://127.0.0.1:8083")
//是否允许证书 不再默认开启
.allowCredentials(true)
//设置允许的方法
.allowedMethods("*")
//跨域允许时间
.maxAge(3600);
}
}(2) But when adjusting one of the ajax requests , the back-end permissions were implemented using springboot+shiro , and it was found that the original cross-domain code rewriting WebMvcConfigurer did not work.
(3) Reason: The original logic is user request->WebMvcConfigurer setting header->controller,
After Spring Boot integrates Shiro, user request->shiro listener->shiro logic->WebMvcConfigurer set header->controller,
By default, all requests will pass through shiro's listener first, and cross-domain errors occur when executing shiro code logic, so the above global methods are no longer useful .
Solution
Set the header before the shiro code to solve the cross-domain problem. So add the configuration as follows, and you can remove the way to rewrite WebMvcConfigure .
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
/**
* @Auther: Administrator
* @Date:
* @Description:
*/
@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.setMaxAge(3600L);
corsConfiguration.setAllowCredentials(true);
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buildConfig());
return new CorsFilter(source);
}
}
Finally : this is for the special case of shiro. If there is a cross-domain problem and the problem has not been located, please see the basic cross-domain handling method: https://blog.csdn.net/Mint6/article/details/104468530