js跨域访问资源
js访问资源默认情况下采用同源策略
同源:域名,端口相同
localhost与ip地址都不是同源
ajax跨域比较严格:子域名,相同域名及端口不同都是跨域
火狐ajax跨域不会自动带上cookie
如要跨域需作相应的设置(多种方案):
一、
容器层面,影响范围是容器下的所有webapp应用
in tomcat/conf/web.xml ex:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class></filter><filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
:这个过滤器只针对apache-tomcat-7.0.41及以上版本。
二、
单个应用,只作用于这个项目本身
in webapp/WEB-INF/web.xml<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class></filter><filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
三、
指定Filter过滤的全部请求资源
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
res.addHeader("Access-Control-Allow-Origin", "*");
res.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
res.addHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With");
chain.doFilter(req, res);
}
四、
maven-Archetype-wepapp提供两种支持
tomcat7-maven-plugin
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<path>/servletdemo</path>
<port>8082</port>
<server>tomcat</server>
<url>http://localhost:8080/manager/text</url>
<!-- Enable CORS -->
<tomcatWebXml>src/test/resources/tomcat.web.xml</tomcatWebXml>
</configuration>
</plugin>
jetty-maven-plugin
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.3.2.v20150730</version>
<configuration>
<scanIntervalSeconds>10</scanIntervalSeconds>
<webApp>
<contextPath>/servletdemo</contextPath>
<!--Fix file locking problem with jettyrun Enable CORS-->
<defaultsDescriptor>src/test/resources/jetty.web.xml</defaultsDescriptor>
</webApp>
<httpConnector>
<!-- mvn -Djetty.port=8082 jetty:run -->
<port>8082</port>
</httpConnector>
</configuration>
<dependencies>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-servlets</artifactId>
<version>9.3.2.v20150730</version>
</dependency>
</dependencies>
</plugin>
五、
框架配置
如springmvc支持注解及xml配置
单个方法
@RestController @RequestMapping("/account") public class AccountController { @CrossOrigin @GetMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... } @DeleteMapping("/{id}") public void remove(@PathVariable Long id) { // ... } }
类(origins允许访问的外源
)
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {
@GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@DeleteMapping("/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
xml配置
<mvc:cors>
<mvc:mapping path="/api/**"
allowed-origins="http://domain1.com, http://domain2.com"
allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
<mvc:mapping path="/resources/**"
allowed-origins="http://domain1.com" />
</mvc:cors>