跨域拦截Access-Control-Allow-Origin设置多个origin

在Extjs和java项目碰到了需要同时处理跨域,外部要访问后台接口的问题

原来的代码是这样,只能设置一个extjs前台需要过滤的跨域请求

复制代码
package com.xgt.config;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * 解决跨域问题
 */
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        
            response.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1:1841");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with");
            response.setHeader("Access-Control-Allow-Credentials", "true");
       chain.doFilter(req, res);
} public void init(FilterConfig filterConfig) {} public void destroy() {} }
复制代码

 

略微改进,给同局域网的同事访问我的接口,我设置的ip是同事的192.168.1.178,是因为他的ip访问我的接口会遭到拦截,我自己的ip不会被拦截,所以不用设置

复制代码
package com.xgt.config;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * 解决跨域问题
 */
public class SimpleCORSFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        String []  allowDomain= {"http://127.0.0.1:1841","http://192.168.1.178"};
        Set<String> allowedOrigins= new HashSet<String>(Arrays.asList(allowDomain));
        String originHeader=((HttpServletRequest) req).getHeader("Origin");
        if (allowedOrigins.contains(originHeader)) {
            response.setHeader("Access-Control-Allow-Origin", originHeader);
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with");
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }
        chain.doFilter(req, res);
    }

    public void init(FilterConfig filterConfig) {}

    public void destroy() {}

}
复制代码

 还有一种SB写法,直接根据originHeader的结果来判断,if语句简单粗暴

复制代码
HttpServletResponse response  = (HttpServletResponse) res;
        String originHeader=((HttpServletRequest) req).getHeader("Origin");
        if ("http://127.0.0.1:1841".equals(originHeader)) {
            response.setHeader("Access-Control-Allow-Origin", "http://127.0.0.1:1841");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with");
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }else if("http://192.168.1.178".equals(originHeader)){
            response.setHeader("Access-Control-Allow-Origin", "http://192.168.1.178");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with");
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }else if(originHeader==null){
            chain.doFilter(req,res);
        }
        chain.doFilter(req, res);
复制代码

 

posted @   Rest探路者  阅读(20117)  评论(0编辑  收藏  举报
编辑推荐:
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
阅读排行:
· DeepSeek “源神”启动!「GitHub 热点速览」
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· C# 集成 DeepSeek 模型实现 AI 私有化(本地部署与 API 调用教程)
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· NetPad:一个.NET开源、跨平台的C#编辑器
levels of contents
点击右上角即可分享
微信分享提示