no access-control-allow-origin

 

前端解决跨域问题

$.ajax(
    'http://xx.xx.xx.xx:8090/xx/xx',
    {
    method:"POST",
    contentType:"application/x-www-form-urlencoded;charset=utf-8",
    dataType:"json",
    data:data,
    success:function(res){
        ...
    }
});

　　

 

服务端解决跨域问题

//告诉浏览器允许所有的域访问
//注意 * 不能满足带有cookie的访问,Origin 必须是全匹配
//resp.addHeader("Access-Control-Allow-Origin", "*");
//解决办法通过获取Origin请求头来动态设置
String origin = request.getHeader("Origin");
if (StringUtils.hasText(origin)) {
    resp.addHeader("Access-Control-Allow-Origin", origin);
}
//允许带有cookie访问
resp.addHeader("Access-Control-Allow-Credentials", "true");
//告诉浏览器允许跨域访问的方法
resp.addHeader("Access-Control-Allow-Methods", "*");
//告诉浏览器允许带有Content-Type,header1,header2头的请求访问
//resp.addHeader("Access-Control-Allow-Headers", "Content-Type,header1,header2");
//设置支持所有的自定义请求头
String headers = request.getHeader("Access-Control-Request-Headers");
if (StringUtils.hasText(headers)){
    resp.addHeader("Access-Control-Allow-Headers", headers);
}
//告诉浏览器缓存OPTIONS预检请求1小时,避免非简单请求每次发送预检请求,提升性能
resp.addHeader("Access-Control-Max-Age", "3600");