跨域
//允许所有的域名
response.setHeader("Access-Control-Allow-Origin", "*");
//允许发送cookies
response.setHeader("Access-Control-Allow-Credentials", "true");
//允许请求所有的方法
response.setHeader("Access-Control-Allow-Methods", "*");
//预检请求的最大超时(有效)时间为3600秒
response.setHeader("Access-Control-Max-Age", "3600");
//定义可以返回的头部信息字段
response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin,X-Requested-With,Content-Type,Accept,"
+ "content-Type,origin,x-requested-with,content-type,accept,authorization,token,id,X-Custom-Header,X-Cookie,Connection,User-Agent,Cookie,*");
response.setHeader("Access-Control-Request-Headers", "Authorization,Origin, X-Requested-With,content-Type,Accept");
//可以暴露给外部所有头部信息字段
response.setHeader("Access-Control-Expose-Headers", "*");