SpringMvc:
<mvc:cors> <mvc:mapping path="/**" allowed-origins="*" allow-credentials="true" max-age="1800" allowed-methods="GET,POST,PUT,DELETE,PATCH,OPTIONS"/> </mvc:cors>
在发生全局异常和文件上传过大时,没有添加相应的头,所以不推荐
public class CorsInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse response, Object o) throws Exception { System.out.println("添加跨域支持"); //添加跨域CORS response.addHeader("Access-Control-Max-Age", "1800");//30 min response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,Content-Type,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { System.out.println("postHandle"); } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { System.out.println("afterCompletion"); } }
上面这种也可以,但是没有处理预检请求,考虑还是采用下面CorsFilter的方式
Spring:
public class OssCorsFilter extends OncePerRequestFilter{ private CorsProcessor processor = new DefaultCorsProcessor(); private CorsConfiguration corsConfiguration = new CorsConfiguration(); //构造代码块初始化跨域配置 { corsConfiguration.setAllowedOrigins(Arrays.asList("*")); corsConfiguration.setAllowCredentials(true); corsConfiguration.setAllowedHeaders(Arrays.asList("*")); corsConfiguration.setAllowedMethods(Arrays.asList("*")); corsConfiguration.setExposedHeaders(Arrays.asList("Original-Filename")); corsConfiguration.setMaxAge(3600l); } @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { //此处的代码复制来源为Spring的CorsFilter if (CorsUtils.isCorsRequest(request)) { if (corsConfiguration != null) { boolean isValid = this.processor.processRequest(corsConfiguration, request, response); if (!isValid || CorsUtils.isPreFlightRequest(request)) { return; } } } filterChain.doFilter(request, response); } }
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; /** * 允许跨域 */ public class MyCorsFilter extends CorsFilter { public MyCorsFilter() { super(configurationSource()); } private static UrlBasedCorsConfigurationSource configurationSource() { CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("http://localhost:8081"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return source; } }
SpringBoot:
@Configuration public class GlobalCorsConfig { @Bean public CorsFilter corsFilter() { CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.setAllowCredentials(true); corsConfiguration.addAllowedOrigin("*"); corsConfiguration.addAllowedHeader("*"); corsConfiguration.addAllowedMethod("*"); UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource(); urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration); return new CorsFilter(urlBasedCorsConfigurationSource); } }
@Configuration public class MvcConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") //.allowedHeaders("Origin", "X-Requested-With", "Content-Type", "Accept", "X-Token", "content-type") .allowedHeaders("*") //服务器允许的请求头 .allowedMethods("POST", "PUT", "GET", "OPTIONS", "DELETE") //服务器允许的请求方法 .allowCredentials(true) //允许带 cookie 的跨域请求 .allowedOrigins("*") //服务端允许哪些域请求资源 .maxAge(3600); //预检请求的缓存时间 } }
@Bean public FilterRegistrationBean<CorsFilter> corsFilter() { FilterRegistrationBean<CorsFilter> corsFilterFilterRegistrationBean = new FilterRegistrationBean<>(); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.addAllowedHeader("*"); corsConfiguration.addAllowedOrigin("*"); corsConfiguration.setAllowedMethods(Arrays.asList("POST", "PUT", "GET", "OPTIONS", "DELETE")); corsConfiguration.setAllowCredentials(true); corsConfiguration.setMaxAge(3600L); source.registerCorsConfiguration("/**", corsConfiguration); corsFilterFilterRegistrationBean.setFilter(new CorsFilter(source)); corsFilterFilterRegistrationBean.setOrder(-1); return corsFilterFilterRegistrationBean; }
package com.lemon.springboot.controller; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import java.util.HashMap; import java.util.Map; /** * @author lemon */ @RestController @RequestMapping("/api") public class ApiController { private static final Logger logger = LoggerFactory.getLogger(ApiController.class); @CrossOrigin({"http://localhost:8081", "http://localhost:8082"}) @RequestMapping("/get") public Map<String, Object> get(@RequestParam String name) { Map<String, Object> map = new HashMap<>(); map.put("title", "hello world"); map.put("name", name); return map; } }