Many online methods, tested several possible ways (requires special attention, a lot of code out over the Internet does not work, the test found that cross-domain requests can normally go, depending on your cross-domain requests will not be other interceptors intercept, assuming that your system uses shiro privileges, then a high probability will be first intercepted because there is no cross-domain authorization process, tell the client prohibit cross-domain, and therefore for the online method, a slight adjustment):
method one:
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class GlobalCorsConfig {
@Bean
public FilterRegistrationBean corsFilter() {
// 1. Add CORS configuration information
CorsConfiguration config = new CorsConfiguration();
// 1) allows a domain, do not write *, otherwise the cookie will not be used
// config.addAllowedOrigin("http://localhost:8081");
// config.addAllowedOrigin("http://192.168.59.168:8081");
config.addAllowedOrigin("*");
// 2) whether to send Cookie Information
config.setAllowCredentials(true);
// 3) allows the request type
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
config.setMaxAge(3600L);
// 4)允许的头信息
config.addAllowedHeader("*");
//2.添加映射路径,我们拦截一切请求
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(configSource));
bean.setOrder(0);//利用FilterRegistrationBean,将拦截器注册靠前,避免被其它拦截器首先执行
return bean;
}
}
方式二:
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)//控制过滤器的级别最高
public class CosFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type,X-Requested-With");
response.setHeader("Access-Control-Max-Age", "3600");
if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(req, res);
}
}
}
方式三:
包括网上说的这种(需要注意这种方式,会被shiro之类的先拦截,浏览器只会出现“同源策略禁止读取”,要想看到效果,需要shiro放开这个请求):
@Configuration
public class MyConfiguration extends WebMvcConfigurerAdapter {
@Override public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowCredentials(true)
.allowedHeaders("*")
.allowedOrigins("*")
.allowedMethods("*");
}
}
以上三种方式都需要注意跨域的请求,如果有登录拦截,是会出现“同源策略禁止读取”。因为登录拦截一般优先其它拦截器,会到不了后面我们需要处理的跨域授权拦截器,当然我这里上面的两个拦截器例子处理好了,在springboot的shiro下正常通过,不过后续还是要么传cookie自动登录,要么放开。至少不会出现“同源策略禁止读取”。