跨域问题

跨域问题

host和origin 不一致导致的跨域

前台请求后端接口 ,host和origin的ip/域名 不一致导致跨域
接口提供方配置 allow-origin 和skip-referer 为origin 的ip或域名,解决

自定义header参数导致的跨域

跨域提示
No 'Access-Control-Allow-Origin' header is present on the requested resource.
搜索后好到如下提示

浏览器在发送带有自定义的请求头时,
浏览器会先向服务器发送OPTIONS预检请求,
探测该请求服务端是否允许自定义跨域字段.如果允许,则继续执行请求

突然想到接口访问时要在header中加自定义参数x-authenticated-clientid
且request header 中有这行
Access-Control-Request-Headers: x-authenticated-clientid

百度方案:https://www.mk2048.com/blog/blog_h12cjjjjai1aa.html
https://blog.csdn.net/badboyer/article/details/51261083

web.xml修改过滤器

 <filter>
       <filter-name>CORS</filter-name>
       <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
       <async-supported>true</async-supported>
       <init-param>
           <param-name>cors.allowGenericHttpRequests</param-name>
           <param-value>true</param-value>
       </init-param>
       <init-param>
           <param-name>cors.allowOrigin</param-name>
           <param-value>*</param-value>
       </init-param>
       <init-param>
           <param-name>cors.allowSubdomains</param-name>
           <param-value>false</param-value>
       </init-param>
       <init-param>
           <param-name>cors.supportedMethods</param-name>
           <param-value>GET, HEAD, POST, OPTIONS</param-value>
       </init-param>
       <init-param>
           <param-name>cors.supportedHeaders</param-name>
           <param-value>Accept, Origin,
               X-Requested-With, Content-Type, Last-Modified, x-authenticated-clientid
           </param-value>
       </init-param>
       <init-param>
           <param-name>cors.exposedHeaders</param-name>
           <param-value>X-Test-1,
               X-Test-2
           </param-value>
       </init-param>
       <init-param>
           <param-name>cors.supportsCredentials</param-name>
           <param-value>true</param-value>
       </init-param>
       <init-param>
           <param-name>cors.maxAge</param-name>
           <param-value>3600</param-value>
       </init-param>
   </filter>
   <filter-mapping>
       <filter-name>CORS</filter-name>
       <url-pattern>/*</url-pattern>
   </filter-mapping>

supportedMethods加入OPTIONS

supportedHeaders 中加入 x-authenticated-clientid

posted @ 2022-05-20 15:59  赵钱富贵  阅读(230)  评论(0编辑  收藏  举报