解决Access-Control-Allow-Origin跨域问题

方法五与前四种的区别:浏览器一般发两次请求,一次OPTIONS的,一次正式的,如果OPTIONS请求不能取到token,会报下面错误:

has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

解决方法就是OPTION请求时不校验token。

注:方法五与前四种属于不同类型,并不是前四种的替代方式。方法五一定要考虑

方法一:给response设置header

public User getUser(HttpServletResponse response) {
    response.setHeader("Access-Control-Allow-Origin","*");
    User user = new User(1,"张三",20);
    return user;
}

方法二:添加注解,如果添加到类上,那么整个类中的方法都可以跨域访问

@CrossOrigin
public User getUser2(HttpServletResponse response) {
    User user = new User(2,"李四",20);
    return user;
}

方法三:在拦截器中设置response的header,以下是springboot中的写法

public class WebInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.setHeader("Access-Control-Allow-Origin","*"); return true; } }
@Configuration
public class MyWebMvcConfigurer implements WebMvcConfigurer{

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new WebInterceptor());        
    }
}

方法四:实现WebMvcConfigurer接口,重写addCorsMappings方法,如下:

@Configuration
public class MyWebMvcConfigurer implements WebMvcConfigurer{

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
        .allowedOrigins("*")
        .allowCredentials(true)
        .allowedMethods("GET","POST","PUT","DELETE","HEAD");
    }
}

 方法五:继承shiro的AuthenticationFilter,重新isAccessAllowed方法,如下:

@Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {

       HttpServletRequest httpServletRequest = (HttpServletRequest)request;
       String method = httpServletRequest.getMethod().toUpperCase();
       
        //OPTIONS请求直接放过,不需要校验token,避免报OPTIONS预请求跨域错误
        if("OPTIONS".equals(method)){
           return true;
        }
        return super.isAccessAllowed(request, response, mappedValue);
    }

 

posted @ 2020-09-07 15:36  雷雨客  阅读(4003)  评论(0编辑  收藏  举报