springboot解决跨域的四种方式
2021/11/20 23:40:30
本文主要是介绍springboot解决跨域的四种方式,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
一:wenconfig @Configuration public class CorsConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOrigins("*") .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS") .allowCredentials(true) .maxAge(3600) .allowedHeaders("*"); } } 二:跨域拦截器 @Configuration public class CorsFilterConfig { /** * 开启跨域访问拦截器 * */ @Bean public CorsFilter corsFilter() { //创建CorsConfiguration对象后添加配置 CorsConfiguration corsConfiguration = new CorsConfiguration(); //设置放行哪些原始域 corsConfiguration.addAllowedOrigin("*"); //放行哪些原始请求头部信息 corsConfiguration.addAllowedHeader("*"); //放行哪些请求方式 corsConfiguration.addAllowedMethod("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); //2. 添加映射路径 source.registerCorsConfiguration("/**", corsConfiguration); return new CorsFilter(source); } } 三:定义拦截器 @Slf4j @Component @WebFilter(urlPatterns = { "/*" }, filterName = "headerFilter") public class HeaderFilter implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) resp; //解决跨域访问报错 response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE"); //设置过期时间 response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, client_id, uuid, Authorization"); // 支持HTTP 1.1. response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // 支持HTTP 1.0. response.setHeader("Expires", "0"); response.setHeader("Pragma", "no-cache"); // 编码 response.setCharacterEncoding("UTF-8"); chain.doFilter(request, resp); } @Override public void init(FilterConfig filterConfig) { log.info("跨域过滤器启动"); } @Override public void destroy() { log.info("跨域过滤器销毁"); } } 四:注解 使用 CrossOrigin 注解 可以使用在单个方法上也可以使用在类上 Target({ElementType.TYPE, ElementType.METHOD}) @Retention(RetentionPolicy.RUNTIME) @Documented public @interface CrossOrigin { /** @deprecated as of Spring 5.0, in favor of {@link CorsConfiguration#applyPermitDefaultValues} */ @Deprecated String[] DEFAULT_ORIGINS = {"*"}; /** @deprecated as of Spring 5.0, in favor of {@link CorsConfiguration#applyPermitDefaultValues} */ @Deprecated String[] DEFAULT_ALLOWED_HEADERS = {"*"}; /** @deprecated as of Spring 5.0, in favor of {@link CorsConfiguration#applyPermitDefaultValues} */ @Deprecated boolean DEFAULT_ALLOW_CREDENTIALS = false; /** @deprecated as of Spring 5.0, in favor of {@link CorsConfiguration#applyPermitDefaultValues} */ @Deprecated long DEFAULT_MAX_AGE = 1800; /** * Alias for {@link #origins}. */ @AliasFor("origins") String[] value() default {}; /** * A list of origins for which cross-origin requests are allowed. Please, * see {@link CorsConfiguration#setAllowedOrigins(List)} for details. * <p>By default all origins are allowed unless {@code originPatterns} is * also set in which case {@code originPatterns} is used instead. */ @AliasFor("value") String[] origins() default {}; /** * Alternative to {@link #origins()} that supports origins declared via * wildcard patterns. Please, see * @link CorsConfiguration#setAllowedOriginPatterns(List)} for details. * <p>By default this is not set. * @since 5.3 */ String[] originPatterns() default {}; /** * The list of request headers that are permitted in actual requests, * possibly {@code "*"} to allow all headers. * <p>Allowed headers are listed in the {@code Access-Control-Allow-Headers} * response header of preflight requests. * <p>A header name is not required to be listed if it is one of: * {@code Cache-Control}, {@code Content-Language}, {@code Expires}, * {@code Last-Modified}, or {@code Pragma} as per the CORS spec. * <p>By default all requested headers are allowed. */ String[] allowedHeaders() default {}; /** * The List of response headers that the user-agent will allow the client * to access on an actual response, other than "simple" headers, i.e. * {@code Cache-Control}, {@code Content-Language}, {@code Content-Type}, * {@code Expires}, {@code Last-Modified}, or {@code Pragma}, * <p>Exposed headers are listed in the {@code Access-Control-Expose-Headers} * response header of actual CORS requests. * <p>The special value {@code "*"} allows all headers to be exposed for * non-credentialed requests. * <p>By default no headers are listed as exposed. */ String[] exposedHeaders() default {}; /** * The list of supported HTTP request methods. * <p>By default the supported methods are the same as the ones to which a * controller method is mapped. */ RequestMethod[] methods() default {}; /** * Whether the browser should send credentials, such as cookies along with * cross domain requests, to the annotated endpoint. The configured value is * set on the {@code Access-Control-Allow-Credentials} response header of * preflight requests. * <p><strong>NOTE:</strong> Be aware that this option establishes a high * level of trust with the configured domains and also increases the surface * attack of the web application by exposing sensitive user-specific * information such as cookies and CSRF tokens. * <p>By default this is not set in which case the * {@code Access-Control-Allow-Credentials} header is also not set and * credentials are therefore not allowed. */ String allowCredentials() default ""; /** * The maximum age (in seconds) of the cache duration for preflight responses. * <p>This property controls the value of the {@code Access-Control-Max-Age} * response header of preflight requests. * <p>Setting this to a reasonable value can reduce the number of preflight * request/response interactions required by the browser. * A negative
这篇关于springboot解决跨域的四种方式的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-11-26消息中间件源码剖析教程
- 2024-11-26JAVA语音识别项目资料的收集与应用
- 2024-11-26Java语音识别项目资料:入门级教程与实战指南
- 2024-11-26SpringAI:Java 开发的智能新利器
- 2024-11-26Java云原生资料:新手入门教程与实战指南
- 2024-11-26JAVA云原生资料入门教程
- 2024-11-26Mybatis官方生成器资料详解与应用教程
- 2024-11-26Mybatis一级缓存资料详解与实战教程
- 2024-11-26Mybatis一级缓存资料详解:新手快速入门
- 2024-11-26SpringBoot3+JDK17搭建后端资料详尽教程