Springboot配置跨域问题
Access to XMLHttpRequest at 'http://xxxxxx' from origin 'http://localhost:8081' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
跨域问题,后台SpringBoot+Shiro,跨域时GET会发起Options请求,若对Options进行session检查拦截会有问题,因为不会携带token等参数,需要对其过滤不进行处理,需要改动两处:
1.SpringMVC增加response设置
@Component
public class WebInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//允许api跨域
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE,OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "*");
String method= request.getMethod();
if (method.equals("OPTIONS")){
response.setStatus(200);
return false;
}
return true;
}
}
2.Shiro增加配置,不对OPTIONS进行拦截,同时对于无效会话直接输出json参数,不能通过redirect跳转到别的url输出,否则在浏览器调试时也不支持
public class MyAuthenticationFilter extends FormAuthenticationFilter {
@Override
protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String method= httpServletRequest.getMethod();
//跨域时OPTIONS请求,此时不会带着token,若跳转就不对了。
if (method.equals("OPTIONS")){
return ;
}
//WebUtils.issueRedirect(request, response, "/api/nologin");
//此处不不能redirect,跨域不能用
//API过期,返回过期json
JSONObject json = new JSONObject();
json.put("code", 2);
json.put("msg", "登录会话失效,请重新登录");
render((HttpServletResponse) response, "text/plain;charset=UTF-8", json.toString());
}
public void render(HttpServletResponse response, String contentType,
String text) {
response.setContentType(contentType);
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
try {
response.getWriter().write(text);
} catch (IOException e) {
e.printStackTrace();
}
}
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
if (httpRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
return true;
}
return super.preHandle(request,response);
}
}
MyAuthenticationFilter 需要配置到Shiro配置文件中
map.put("/api/**","user");
Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
filters.put("user", new MyAuthenticationFilter());
shiroFilterFactoryBean.setFilters(filters);
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 没有源码,如何修改代码逻辑?
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· NetPad:一个.NET开源、跨平台的C#编辑器
· PowerShell开发游戏 · 打蜜蜂