import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.codec.ServerCodecConfigurer;
import org.springframework.http.codec.support.DefaultServerCodecConfigurer;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.web.cors.reactive.CorsUtils;
import org.springframework.web.filter.reactive.HiddenHttpMethodFilter;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
/**
* 跨域配置
* @author isxuduan
*/
@Configuration
public class CorsConfig {
/**
* 配置成* ,否则每自定义一个头都需要在此处增加配置
*/
private static final String ALLOWED_HEADERS = "*";
private static final String ALLOWED_METHODS = "*";
private static final String ALLOWED_ORIGIN = "*";
private static final String ALLOWED_Expose = "*";
private static final String MAX_AGE = "18000L";
@Bean
public WebFilter corsFilter() {
return (ServerWebExchange ctx, WebFilterChain chain) -> {
ServerHttpRequest request = ctx.getRequest();
if (CorsUtils.isCorsRequest(request)) {
HttpHeaders requestHeaders = request.getHeaders();
ServerHttpResponse response = ctx.getResponse();
HttpHeaders headers = response.getHeaders();
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, ALLOWED_ORIGIN);
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,ALLOWED_HEADERS);
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALLOWED_Expose);
headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
if (request.getMethod() == HttpMethod.OPTIONS) {
response.setStatusCode(HttpStatus.OK);
return Mono.empty();
}
}
return chain.filter(ctx);
};
}
@Bean
public ServerCodecConfigurer serverCodecConfigurer() {
return new DefaultServerCodecConfigurer();
}
@Bean
public HiddenHttpMethodFilter hiddenHttpMethodFilter() {
return new HiddenHttpMethodFilter() {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return chain.filter(exchange);
}
};
}
}
这个在IE下得改进一下
ServerHttpRequest request = ctx.getRequest();
if (CorsUtils.isCorsRequest(request)) {
HttpHeaders requestHeaders = request.getHeaders();
ServerHttpResponse response = ctx.getResponse();
HttpHeaders headers = response.getHeaders();
if(ALLOWED_ORIGIN.contains("*") || ALLOWED_ORIGIN.contains(requestHeaders.getOrigin()))
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
String requestHeader=StringUtils.join(requestHeaders.getAccessControlRequestHeaders(), ",");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeader==null?ALLOWED_HEADERS:ALLOWED_HEADERS+","+requestHeader);
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALLOWED_Expose);
headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
String requestMethod=requestHeaders.getAccessControlRequestMethod()==null?null:requestHeaders.getAccessControlRequestMethod().name();
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod==null || ALLOWED_ORIGIN.contains(requestMethod)?ALLOWED_ORIGIN:ALLOWED_METHODS+","+requestMethod);
if (request.getMethod() == HttpMethod.OPTIONS) {
response.setStatusCode(HttpStatus.OK);
return Mono.empty();
}
}
return chain.filter(ctx);
};
改进版
