用Java过滤器实现跨域资源共享 CORS
原理解析
原理篇,主要还是要学习阮一峰的 跨域资源共享 CORS 详解
代码实现
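使用过滤器来实现。注意:当响应带有 Access-Control-Allow-Credentials: true 时,Access-Control-Allow-Origin 只应返回受信任白名单中的来源,而不应原样回写请求中的 Origin。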
import java.io.IOException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
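/**
 * Servlet filter that adds CORS (cross-origin resource sharing) response headers.
 *
 * <p>CORS headers are only emitted for origins on a configured allow-list. Echoing
 * whatever {@code Origin} the request carries together with
 * {@code Access-Control-Allow-Credentials: true} would let any web site read
 * responses fetched with the user's cookies, so an unlisted origin gets no CORS
 * headers and the browser blocks the cross-origin read.
 *
 * <p>The allow-list is a comma-separated list of exact origins
 * (for example {@code https://app.example.com}), read from the filter init-param
 * {@code allowedOrigins} or, when that is absent, from the system property
 * {@code cors.allowedOrigins}. Both names are defined by this class. With no
 * configuration the list is empty and no origin is allowed.
 */
@Component
@WebFilter("/")
public class CrossFilter implements Filter {

    private static final String ORIGIN = "Origin";
    private static final String VARY = "Vary";
    private static final String TRUE = "true";
    private static final String CACHE_86400 = "86400";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    /** Filter init-param that carries the comma-separated origin allow-list. */
    private static final String ALLOWED_ORIGINS_PARAM = "allowedOrigins";
    /** System property used when the init-param is not set. */
    private static final String ALLOWED_ORIGINS_PROPERTY = "cors.allowedOrigins";

    /** Exact origins that may receive CORS headers; empty means none (fail closed). */
    private Set<String> allowedOrigins = Collections.emptySet();

    /**
     * Loads the origin allow-list from the filter configuration.
     *
     * @param filterConfig container-supplied configuration; may carry the
     *                     {@code allowedOrigins} init-param
     */
    @Override
    public void init(FilterConfig filterConfig) {
        String configured = null;
        if (filterConfig != null) {
            configured = filterConfig.getInitParameter(ALLOWED_ORIGINS_PARAM);
        }
        if (configured == null) {
            configured = System.getProperty(ALLOWED_ORIGINS_PROPERTY);
        }
        allowedOrigins = parseAllowedOrigins(configured);
    }

    /**
     * Adds CORS headers for allow-listed origins and answers preflight requests.
     *
     * <p>An {@code OPTIONS} request is answered here and never reaches the rest of the
     * chain; every other request is passed on.
     *
     * @param request  incoming request, expected to be an {@link HttpServletRequest}
     * @param response outgoing response, expected to be an {@link HttpServletResponse}
     * @param chain    remaining filters and the target resource
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Only the Origin header is considered. Referer is a full URL rather than an
        // origin, so it is never a valid Access-Control-Allow-Origin value.
        String origin = req.getHeader(ORIGIN);
        boolean originAllowed = origin != null && allowedOrigins.contains(origin);

        // The response differs per Origin, so shared caches must not reuse it across origins.
        resp.addHeader(VARY, ORIGIN);

        if (originAllowed) {
            // Name the single allow-listed origin; "*" is not permitted with credentials.
            setHeader(resp, ACCESS_CONTROL_ALLOW_ORIGIN, origin);
            // Let the browser send cookies on cross-origin requests from this origin.
            setHeader(resp, ACCESS_CONTROL_ALLOW_CREDENTIALS, TRUE);
        }

        if (RequestMethod.OPTIONS.name().equals(req.getMethod())) {
            if (originAllowed) {
                // How long, in seconds, the browser may cache the preflight result.
                setHeader(resp, ACCESS_CONTROL_MAX_AGE, CACHE_86400);
                // Method and headers the browser asked permission for. They are echoed
                // only for allow-listed origins; a fixed list would be stricter still.
                setHeader(resp, ACCESS_CONTROL_ALLOW_METHODS,
                        req.getHeader(ACCESS_CONTROL_REQUEST_METHOD));
                setHeader(resp, ACCESS_CONTROL_ALLOW_HEADERS,
                        req.getHeader(ACCESS_CONTROL_REQUEST_HEADERS));
            }
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Splits a comma-separated origin list into an unmodifiable set.
     *
     * <p>Blank entries are skipped, and so are {@code *} and {@code null}: a wildcard
     * cannot be combined with credentials, and {@code null} is the origin sent by
     * sandboxed or opaque contexts, so neither identifies one trusted site.
     *
     * @param configured raw configuration value, may be {@code null}
     * @return the parsed origins, empty when nothing usable is configured
     */
    private static Set<String> parseAllowedOrigins(String configured) {
        if (configured == null) {
            return Collections.emptySet();
        }
        Set<String> origins = new LinkedHashSet<>();
        for (String entry : configured.split(",")) {
            String candidate = entry.trim();
            if (candidate.isEmpty() || "*".equals(candidate) || "null".equals(candidate)) {
                continue;
            }
            origins.add(candidate);
        }
        return Collections.unmodifiableSet(origins);
    }

    /**
     * Sets a response header, skipping absent values.
     *
     * @param resp  response to modify
     * @param key   header name
     * @param value header value; nothing is written when {@code null}
     */
    private void setHeader(HttpServletResponse resp, String key, String value) {
        if (value != null) {
            resp.setHeader(key, value);
        }
    }

    /** Releases nothing; the filter holds no resources. */
    @Override
    public void destroy() {
        // nothing to clean up
    }
}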