跨域

//允许所有的域名
        response.setHeader("Access-Control-Allow-Origin", "*");
        //允许发送cookies
        response.setHeader("Access-Control-Allow-Credentials", "true");
        //允许请求所有的方法
        response.setHeader("Access-Control-Allow-Methods", "*");
        //预检请求的最大超时（有效）时间为3600秒
        response.setHeader("Access-Control-Max-Age", "3600");
        //定义可以返回的头部信息字段
        response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin,X-Requested-With,Content-Type,Accept,"
                + "content-Type,origin,x-requested-with,content-type,accept,authorization,token,id,X-Custom-Header,X-Cookie,Connection,User-Agent,Cookie,*");
        response.setHeader("Access-Control-Request-Headers", "Authorization,Origin, X-Requested-With,content-Type,Accept");
        //可以暴露给外部所有头部信息字段
        response.setHeader("Access-Control-Expose-Headers", "*");