Detailed Spring Boot settings to support cross-domain request process

Others 2021-03-27 19:57:28 views: null

For security reasons, modern browsers must comply with the same-origin policy when making HTTP requests. Otherwise, they are cross-domain HTTP requests, which are prohibited by default. The IP (domain name) is different, or the port is different, and the protocol is different (such as HTTP, HTTPS) will cause cross-domain problems.

The general front-end solutions are:

① Use JSONP to support cross-domain requests. The principle of JSONP to achieve cross-domain requests is simply dynamic creation

② Use the reaction proxy mechanism to solve cross-domain problems. When the front-end requests, the request is first sent to the back-end of the same source address, and the back-end request is forwarded to avoid cross-domain access.

Later, HTML5 supported the CORS protocol. CORS is a W3C standard. The full name is "Cross-origin resource sharing". It allows browsers to send XMLHttpRequest requests to cross-origin servers, thus overcoming the restriction that AJAX can only be used from the same source. It adds a special Header [Access-Control-Allow-Origin] to the server to tell the client about cross-domain restrictions. If the browser supports CORS and determines that the Origin is passed, it will allow XMLHttpRequest to initiate cross-domain requests.

If the front-end uses the CORS protocol, the back-end needs to be configured to support non-same-origin requests. There are two ways in Spring Boot to support non-same-origin requests.

First, configure CorsFilter.

@Configuration
public class GlobalCorsConfig {
  @Bean
  public CorsFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
     config.addAllowedOrigin("*");
     config.setAllowCredentials(true);
     config.addAllowedMethod("*");
     config.addAllowedHeader("*");
     config.addExposedHeader("*");

    UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
    configSource.registerCorsConfiguration("/**", config);

    return new CorsFilter(configSource);
  }
}

Need to configure the above piece of code. The second way is slightly simpler.

Second, add to the startup class:

public class Application extends WebMvcConfigurerAdapter { 

  @Override 
  public void addCorsMappings(CorsRegistry registry) { 

    registry.addMapping("/**") 
        .allowCredentials(true) 
        .allowedHeaders("*") 
        .allowedOrigins("*") 
        .allowedMethods("*"); 

  } 
}

Some high-frequency interview questions collected in the latest 2020 (all organized into documents), there are many dry goods, including mysql, netty, spring, thread, spring cloud, jvm, source code, algorithm and other detailed explanations, as well as detailed learning plans, interviews Question sorting, etc. For those who need to obtain these contents, please add Q like: 11604713672

Guess you like

Origin blog.csdn.net/weixin_51495453/article/details/113616269
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com