Interceptor拦截器和Filter过滤器解决后台跨域问题
Interceptor拦截器方法一
import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class Cors implements WebMvcConfigurer{ @Override public void addCorsMappings(CorsRegistry registry){ registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("GET","POST","PUT","OPTIONS","DELETE","PATCH") .allowCredentials(true).maxAge(3600); } }
Interceptor拦截器方法二
@Component public class CorsFilter implements HandlerInterceptor{ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object arg2) throws Exception { response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin"));//支持跨域请求 response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Allow-Credentials", "true");//是否支持cookie跨域 response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");//Origin, X-Requested-With, Content-Type, Accept,Access-Token return true; } } public class InterceptorConfig extends WebMvcConfigurationSupport{ @Autowired private CorsFilter filterConfig; registry.addInterceptor(filterConfig).addPathPatterns("/**"); }
使用拦截器实现跨域配置使用中的问题:拦截器从请求头获取token参数获取不到值
原因:权限拦截器在跨域处理之前执行了,导致跨域配置失效
解决方法:将跨域处理放到Filter过滤器中进行,因为过滤器在拦截器之前执行
filter跨域配置
public class CorsFilter implements Filter { private String encoding = "UTF-8";
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)req; HttpServletResponse response = (HttpServletResponse) res; String originHeader = request.getHeader("Origin"); //request.setCharacterEncoding("GBK"); response.setHeader("Content-type", "text/html;charset=UTF-8"); response.setCharacterEncoding(encoding); response.setHeader("Access-Control-Allow-Origin", originHeader); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,authorization"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("XDomainRequestAllowed","1"); response.setHeader("XDomainRequestAllowed","1"); //response.setHeader("Access-Control-Request-Headers","Authorization"); chain.doFilter(request, response); } public void init(FilterConfig arg0) throws ServletException { this.encoding = arg0.getInitParameter("Encoding"); } @Bean public FilterRegistrationBean registerWyfzHeaderFilter() { FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setFilter(new CorsFilter()); registration.addUrlPatterns("/*"); registration.setName("CorsFilter"); registration.setOrder(1); return registration; } }
response.setHeader参数
|
response.setHeader的key
|
值
|
涵义
|
|
Content-type
|
text/html;charset=UTF-8
|
请求类型
|
|
Access-Control-Allow-Origin
|
*
|
指定可信任的域名来接受返回信息
|
|
Access-Control-Allow-Methods
|
POST, GET, OPTIONS, DELETE
|
指定请求的方法
|
|
Access-Control-Max-Age
|
3600
|
指定间隔多少秒后异步请求发起预检请求,0每次都发起
|
|
Access-Control-Allow-Headers
|
Content-Type, X-E4M-With,token
|
表示header里能够携带的参数,如果请求头中所带的参数没有设置的话request.getHeader就获取不到值
|
|
Access-Control-Allow-Credentials
|
true
|
允许用户携带认证凭据
|
|
XDomainRequestAllowed
|
1
|
ie8,ie9中的一种跨域手段
|
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构