js跨域访问资源

js访问资源默认情况下采用同源策略

同源:域名,端口相同

localhost与ip地址都不是同源

ajax跨域比较严格:子域名,相同域名及端口不同都是跨域
火狐ajax跨域不会自动带上cookie

如要跨域需作相应的设置(多种方案):

一、
容器层面,影响范围是容器下的所有webapp应用
in tomcat/conf/web.xml ex:
<filter>      <filter-name>CorsFilter</filter-name>   <filter-class>org.apache.catalina.filters.CorsFilter</filter-class></filter><filter-mapping>   <filter-name>CorsFilter</filter-name>   <url-pattern>/*</url-pattern></filter-mapping>
:这个过滤器只针对apache-tomcat-7.0.41及以上版本。
二、
单个应用,只作用于这个项目本身
in webapp/WEB-INF/web.xml<filter>   <filter-name>CorsFilter</filter-name>   <filter-class>org.apache.catalina.filters.CorsFilter</filter-class></filter><filter-mapping>   <filter-name>CorsFilter</filter-name>   <url-pattern>/*</url-pattern></filter-mapping>
三、
指定Filter过滤的全部请求资源

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {  
HttpServletRequest req = (HttpServletRequest) request;   
HttpServletResponse res = (HttpServletResponse) response;   
res.addHeader("Access-Control-Allow-Origin", "*");   
res.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");   
res.addHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires,   Content-Type, X-E4M-With");   
chain.doFilter(req, res);
}

四、

maven-Archetype-wepapp提供两种支持
tomcat7-maven-plugin
<plugin>   
     <groupId>org.apache.tomcat.maven</groupId>   
     <artifactId>tomcat7-maven-plugin</artifactId>  
    <version>2.2</version>   
    <configuration>     
           <path>/servletdemo</path>     
          <port>8082</port>     
          <server>tomcat</server>     
           <url>http://localhost:8080/manager/text</url>   
          <!-- Enable CORS -->   
          <tomcatWebXml>src/test/resources/tomcat.web.xml</tomcatWebXml>   
    </configuration>
</plugin>
jetty-maven-plugin
<plugin>   
           <groupId>org.eclipse.jetty</groupId>   
           <artifactId>jetty-maven-plugin</artifactId>   
           <version>9.3.2.v20150730</version>   
      <configuration>     
                    <scanIntervalSeconds>10</scanIntervalSeconds>   
                    <webApp>     
                            <contextPath>/servletdemo</contextPath>     
                          <!--Fix file locking problem with jettyrun Enable CORS-->    
                         <defaultsDescriptor>src/test/resources/jetty.web.xml</defaultsDescriptor>   
                      </webApp>   
                    <httpConnector>     
                          <!-- mvn -Djetty.port=8082 jetty:run -->     
                          <port>8082</port>   
                   </httpConnector>   
      </configuration>
<dependencies>
<dependency>   
<groupId>org.eclipse.jetty</groupId>   
<artifactId>jetty-servlets</artifactId>   
<version>9.3.2.v20150730</version>   
</dependency>
</dependencies>
</plugin>
五、
框架配置
如springmvc支持注解及xml配置
单个方法
@RestController @RequestMapping("/account") public class AccountController { @CrossOrigin @GetMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... } @DeleteMapping("/{id}") public void remove(@PathVariable Long id) { // ... } }

类(origins允许访问的外源
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {

	@GetMapping("/{id}")
	public Account retrieve(@PathVariable Long id) {
		// ...
	}

	@DeleteMapping("/{id}")
	public void remove(@PathVariable Long id) {
		// ...
	}
}
xml配置
<mvc:cors>

	<mvc:mapping path="/api/**"
		allowed-origins="http://domain1.com, http://domain2.com"
		allowed-methods="GET, PUT"
		allowed-headers="header1, header2, header3"
		exposed-headers="header1, header2" allow-credentials="false"
		max-age="123" />

	<mvc:mapping path="/resources/**"
		allowed-origins="http://domain1.com" />

</mvc:cors>
 
 
 
posted @ 2017-12-12 16:25  陈秋白  阅读(477)  评论(0编辑  收藏  举报