★The significance of cross-domain resource sharing

▲ 在前后端分离的开发架构中，前端应用和后端应用往往是彻底隔离的，
       二者不在同一个应用服务器内、甚至不再同一台物理节点上。
因此前端应用和后端应用就不在同一个域里。

▲ 在这种架构下，前端应用可能采用前端框架（比如Angular、Vue等）向后端应用发送请求，

这种请求就是跨域请求，后端应用就需要允许跨域资源共享。

★ Configuration of cross-domain resource sharing

Partial method: Use @CrossOrigin annotation to modify the processing method of the controller.
Local is to set only a certain method that can be requested across domains.

Global method: Define a WebMvcConfigurer or WebFluxConfigurer Bean in the container, and implement the custom addCorsMappings(CorsRegistry) method in the bean to set the global CORS configuration.
(It is to define a configuration class and implement the WebMvcConfigurer or WebFluxConfigurer class)

假如要配置全局的COS

@Configuration
public class Config implements WebMvcConfigurer
{

@Override
public void addCorsMappings(CorsRegistry registry) 
{
    // 指定对于/api/**路径下的所有请求
    registry.addMapping("/api/**")
        // 允许接收来自于http://www.crazyit.org和http://www.fkjava.org的请求
        .allowedOrigins("http://www.crazyit.org", "http://www.fkjava.org")
        // 允许处理GET, PUT, POST, DELETE, PATCH请求
        .allowedMethods("GET", "PUT", "POST", "DELETE", "PATCH")
        // 只允许哪些请求头
        .allowedHeaders("header1", "header2", "header3")
        .allowCredentials(true).maxAge(3600);
    // 指定对于/root/**路径下的所有请求
    registry.addMapping("/root/**")
        // 允许接收来自于http://www.crazyit.org的请求
        .allowedOrigins("http://www.crazyit.org")
        // 允许处理GET, POST请求
        .allowedMethods("GET", "POST ")
        .allowCredentials(true).maxAge(1800);
    // ...
}
}

code demo

Partial cross-domain

You only need to add this annotation to the method. Other configuration parameters can be written in the value of the annotation, such as maxAge.
As long as this annotation is added to this method, local cross-domain resource sharing access can be achieved.
You can get yourself a front-end project to access this method.
Insert image description here

global domain

You only need to add this configuration class to the project to achieve global cross-domain settings
Insert image description here

package cn.ljh.app.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

//设置全局跨域资源共享
@Configuration
public class CosConfig implements WebMvcConfigurer
{
    
    
    @Override
    public void addCorsMappings(CorsRegistry registry)
    {
    
    
        //表示对这个项目的所有资源（就是方法）都设置跨域Cos，就是都能跨域访问
//        registry.addMapping("/**");

        registry
                //表示这个项目只有这个路径下方法可以被跨域访问到
                .addMapping("/books/**")
                .maxAge(3600)
                //允许浏览器发送自己的身份凭证过来
                .allowCredentials(true)
                //表示只允许Get请求访问
                //.allowedMethods("GET")
                //只接受来自这个地址的跨域资源共享请求
                //通过设置下面这个属性，可以限制后端应用只允许前端应用所在域来访问
                .allowedOrigins("http://locahost:8080/");

    }
}

61. SpringBoot -----Cross-domain resource settings----local settings and global settings

★The significance of cross-domain resource sharing

★ Configuration of cross-domain resource sharing

code demo

Partial cross-domain

global domain

Guess you like