SpringBoot设置跨域的几种方式

• 什么是跨域？

  　　浏览器从一个域名的网页去请求另一个域名的资源时，域名、端口、协议任一不同，都是跨域 

  原因:

  　　由于浏览器的同源策略, 即a网站只能访问a网站的内容,不能访问b网站的内容.

  注意:

  　　跨域问题只存在于浏览器,也就是说当你的前端页面访问后端简单请求的接口时,返回值是有的,只是服务器没有在请求头指定跨域的信息,所以浏览器自动把返回值给"屏蔽了".

  　　经过上面的了解,可以得出几个解决跨域的方法(不考虑前端实现):

  　　1.服务端指定跨域信息

  　　2.在web页面与服务器之间加一层服务指定跨域信息,比如nginx
   

  使用springboot提供了跨域的方法:

  　　1.5版本为继承WebMvcConfigurerAdapter 类实现抽象方法,

  //springboot 1.5方式
  @Configuration
  public class WebMvcConfig extends WebMvcConfigurerAdapter {
   
    @Override
    public void addCorsMappings(CorsRegistry registry) {
      registry.addMapping("/**").allowedHeaders("*")
        .allowedMethods("*")
        .allowedOrigins("*")
        .allowCredentials(true);
    }
  }

  2.0以后为实现WebMvcConfigurer 接口重写方法

  //springboot 2.0以上的方式
  @Configuration
  public class WebMvcConfig implements WebMvcConfigurer {
   
      @Override
      public void addCorsMappings(CorsRegistry registry) {
          registry.addMapping("/**")
                  .allowedHeaders("Content-Type","X-Requested-With","accept,Origin","Access-Control-Request-Method","Access-Control-Request-Headers","token")
                  .allowedMethods("*")
                  .allowedOrigins("*")
                  .allowCredentials(true);
      }
  }

  使用拦截器实现跨域:

  import org.springframework.context.annotation.Configuration;
  import org.springframework.web.servlet.HandlerInterceptor;
  import org.springframework.web.servlet.ModelAndView;
  import org.springframework.web.servlet.config.annotation.CorsRegistry;
  import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
  import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
   
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
   
  @Configuration
  public class WebMvcConfig implements WebMvcConfigurer {
      @Override
      public void addInterceptors(InterceptorRegistry registry) {
          registry.addInterceptor(new HandlerInterceptor() {
              @Override
              public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
                  response.addHeader("Access-Control-Allow-Origin", "*");
                  response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
                  response.addHeader("Access-Control-Allow-Headers",
                          "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token");
                  return true;
              }
   
              @Override
              public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
   
              }
   
              @Override
              public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
   
              }
          });
      }
   
  }

  注意:

  请求头中自定义的字段是不允许跨域的,所以要指定

  response.addHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token");

  或者

  response.addHeader("Access-Control-Allow-Headers", "*");

  还可以使用servlet提供的过滤器进行跨域配置:

  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.stereotype.Component;
  
  import javax.servlet.*;
  import javax.servlet.annotation.WebFilter;
  import javax.servlet.http.Cookie;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpSession;
  import java.io.IOException;
  
  /**
   * 请求的基本过滤器 预处理请求头
   */
  @Component
  @WebFilter(urlPatterns = {"/*"}, filterName = "tokenAuthorFilter")
  public class TokenAuthorFilter implements Filter {
  
      private static Logger LOG = LoggerFactory.getLogger(TokenAuthorFilter.class);
  
      @Override
      public void destroy() {
  
      }
  
      @Override
      public void doFilter(ServletRequest request, ServletResponse response,
                           FilterChain chain) throws IOException, ServletException {
          HttpServletRequest req = (HttpServletRequest) request;
          HttpServletResponse rep = (HttpServletResponse) response;
  
          HttpSession session = req.getSession();
          LOG.info("sessionId:{}", session.getId());
          //LOG.info("Origin:{}", req.getHeader("Origin"));
  
          //设置允许跨域的配置
          // 这里填写你允许进行跨域的主机ip（正式上线时可以动态配置具体允许的域名和IP）
          rep.setHeader("Access-Control-Allow-Origin", "*");
          //rep.setHeader("Access-Control-Allow-Origin", "*");
          rep.setHeader("Access-Control-Expose-Headers", jwtProperties.getHeader());
          // 允许的访问方法
          rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
          // Access-Control-Max-Age 用于 CORS 相关配置的缓存
          rep.setHeader("Access-Control-Max-Age", "3600");
          rep.setHeader("Access-Control-Allow-Headers", "token, Origin, X-Requested-With, Content-Type, Accept");
          //若要返回cookie、携带seesion等信息则将此项设置我true
          rep.setHeader("Access-Control-Allow-Credentials", "true");
          // 把获取的Session返回个前端Cookie
          //rep.addCookie(new Cookie("JSSESIONID", session.getId()));
          chain.doFilter(req, rep);
  
      }
  
      @Override
      public void init(FilterConfig arg0) throws ServletException {
  
      }
  
  }

  灵活的跨域方式:

  　　如果我们只想提供一个方法可以跨域,那么可以使用注解的形式:

  @CrossOrigin
  @RestController
  public class TestController {
  
  }