premise:
-
This article is based on spring boot solutions. CORS explanation of terms and other issues and processes, can be found behind the reference address, not repeat them.
problem:
- And front-end docking, cross-domain issues, and on the inside of the Authorization header value has been unable to obtain.
Solution:
The first method: Add the following code classes in the config file configuration. There is a problem, if we add another filter interceptors, there are points before and after treatment in order priority; I may appear such a situation - cross-domain issue is resolved, but just can not get to the drop in the header Authorization for the value of the key value (in the header to go to get the value in the front of the interceptor, would have been null, the certification has been the cause behind the 401, but this time the cross-domain or no problem. this is my step on pit) .
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
* @description: 处理请求跨域问题
* @author: jcc
* @date: 2018-11-16 11:51
* @Modified By:
*/
@Configuration
public class CORSConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("*")
.allowedOrigins("*");
}
};
}
}The second method: Add the following code classes in the config file configuration. A very important point here is that when there are other interceptors by bean.setOrder (0); set the load order, I solve the problem by this way (I actually did not put this code into the class config configuration file , but to copy the code below the main function of the Bean).
@Configuration
public class CorsConfig {
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
// 设置你要允许的网站域名,如果全允许则设为 *
config.addAllowedOrigin("http://localhost:4200");
// 如果要限制 HEADER 或 METHOD 请自行更改
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
// 这个顺序很重要哦,为避免麻烦请设置在最前
bean.setOrder(0);
return bean;
}
}The third method: disposed in the main function or the Bean Bean add this configuration the config; however this setting order is not issued.
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // 允许cookies跨域
config.addAllowedOrigin("*");// 允许向该服务器提交请求的URI,*表示全部允许。。这里尽量限制来源域,比如http://xxxx:8080 ,以降低安全风险。。
config.addAllowedHeader("*");// 允许访问的头信息,*表示全部
config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许,也可以单独设置GET、PUT等
/* config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");// 允许Get的请求方法
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");*/
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}Reference:
Cross-Origin Resource Sharing CORS Depth - Ruan Yifeng
Regain the rear end of the Spring Boot (five) - across domains, and custom query pagination
An in-depth study of cross-domain issues
Cross-domain access solutions before and after the Spring Cloud due to end after separation
Note: aside questions - and later specific micro gateway services are set up to solve cross-domain configuration, if there are problems.
