SSM跨域拦截设置

package com.donleo.ssm.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author liangd
 * date 2020-11-17 17:05
 * code 跨域设置
 */
public class CrossDomainFilter implements Filter {
    private boolean isCross = false;

    @Override
    public void destroy() {
        isCross = false;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (isCross) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            System.out.println("拦截请求: " + httpServletRequest.getServletPath());
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
　　　　　　　　　//允许cookie跨域设置
　　　　　　　　　//httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));

            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            httpServletResponse.setHeader("Access-Control-Max-Age", "0");
            httpServletResponse.setHeader("Access-Control-Allow-Headers",
                    "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
            httpServletResponse.setHeader("XDomainRequestAllowed", "1");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String isCrossStr = filterConfig.getInitParameter("IsCross");
        isCross = isCrossStr.equals("true") ? true : false;
        System.out.println(isCrossStr);
    }
}

• 如果前端设了允许跨域携带cookie，服务器可能会报错:需要制定一个具体的请求源，
• httpServletRequest.getHeader("Origin") 方法直接获取请求源的地址；
• 例如，发送求的地址是：localhost:8058,那么httpServletRequest.getHeader("Origin")就会获得localhost:8058
• 意思就是：谁来请求我，我就允许谁请求。

前端Ajax发送请求

function MyAjax(url,data,type,callback) {
   let user=$.cookie("token")
   $.ajax({
       url:URL+url,
       type:type,
       contentType:"application/json; charset=utf-8",
       headers:{
           "Authorization":$.cookie("token")
      },
       dataType:"json",
       data:data,
       //
       xhrFields: {
           withCredentials: true //允许跨域带Cookie
      },
       success:function (res) {
           AssertToken(res)
           callback(res);
           // console.log(res)
      },
       error:function (err) {
           // console.log(err)
      }
  })
}