解决前后端分离后的Cookie跨域问题
一. 前端Ajax关键配置
$.ajax({ type: "post", url: xxx, data: xxx, contentType: 'application/json', dataType: "json", xhrFields: { withCredentials: true }, success: function (data) { } })
二、后端过滤器关键配置
//解决Cookie跨域问题 response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); response.setHeader("Access-Control-Allow-Methods","GET, POST, PUT, DELETE"); //解决 Content-Type:application/json 时跨域设置失败问题 if("OPTIONS".equals(request.getMethod())) { //放行OPTIONS请求 filterChain.doFilter(request, response); return; }
注意:
- "Access-Control-Allow-Origin" 不能设置成 "*"
- 当 Content-Type 为 application/json 时,Ajax实际会发两次请求,第一次是一个OPTIONS请求,这时过滤器一定得放开