CORS前后端分离下的跨域
1. 使用thymeleaf如果访问接口仍然带上ip:port的话,还是会跨域
2. 创建Filter类
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; @Component public class CORSFilter implements Filter{ @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; //允许跨域访问的域 res.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); //是否允许请求带有验证信息 res.setHeader("Access-Control-Allow-Credentials", "true"); //允许使用的请求方法 res.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT"); res.setHeader("Access-Control-Max-Age", "3600"); //允许携带的请求头 res.setHeader("Access-Control-Allow-Headers", "x-requested-with,Cache-Control,Pragma,Content-Type,Authorization,token");// if(req.getMethod().equals(HttpMethod.OPTIONS.toString())) { res.setStatus(HttpStatus.OK.value()); return; } chain.doFilter(request, res); } @Override public void destroy() { } }
3. 生成Filter的Bean
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; @Configuration public class FilterConfig { @Bean public FilterRegistrationBean<CORSFilter> registerCorsFilter() { FilterRegistrationBean<CORSFilter> filterRegistrationBean = new FilterRegistrationBean<CORSFilter>(); filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE + 1); filterRegistrationBean.setFilter(new CORSFilter()); filterRegistrationBean.setName("CORSFilter"); //filterRegistrationBean.addUrlPatterns("/*"); return filterRegistrationBean; } }
或者
@Override protected void configure(HttpSecurity http) throws Exception { //ChannelProcessingFilter.class这是第一个filter http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class); }