zoukankan      html  css  js  c++  java

  • cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求

    cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求

    ================================

    ©Copyright 蕃薯耀 2020-11-25

    https://www.cnblogs.com/fanshuyao/

    cors-filter为第三方组件。

    一、官网地址

    http://software.dzhuvinov.com/cors-filter.html

    二、Springboot使用cors-filter

    1、引入依赖

    <dependency>
    <groupId>com.thetransactioncompany</groupId>
    <artifactId>cors-filter</artifactId>
    <version>2.9</version>
</dependency>

    2、配置类

    import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.thetransactioncompany.cors.CORSFilter;

/**
 * 使用配置方式开发Filter,否则其中的自动注入无效
 *
 * @author Chris.Liao
 */
@Configuration
public class HttpFilterConfig {

    /**
     * com.thetransactioncompany cors-filter
     * @return
     */
    @Bean
    public FilterRegistrationBean<Filter> corsFilter() {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        
        registration.setFilter(new CORSFilter()); 
        
        //cors.supportsCredentials {true|false} defaults to true.
        //registration.addInitParameter("cors.supportsCredentials", "true");
        
        registration.addInitParameter("cors.allowOrigin", "http://127.0.0.1:7010,http://lqy.com:7010");//不符合时,报错:Cross-Origin Resource Sharing (CORS) Filter: CORS origin denied
        
        //cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".
        registration.addInitParameter("cors.supportedMethods", "GET,POST");//不符合时,报错:Cross-Origin Resource Sharing (CORS) Filter: Unsupported HTTP method
        
        //cors.supportedHeaders {"*"|header-list} defaults to *.
        //registration.addInitParameter("cors.supportedHeaders", "*");
        
        //cors.exposedHeaders {header-list} defaults to empty list.
        //registration.addInitParameter("cors.exposedHeaders", "");
        
        //cors.maxAge {int} defaults to -1 (unspecified).3600表示一个小时
        registration.addInitParameter("cors.maxAge", "3600");
        
        //cors.allowSubdomains {true|false} defaults to false.
        //cors.allowGenericHttpRequests {true|false} defaults to true.
        //cors.tagRequests {true|false} defaults to false (no tagging).
        
        registration.setName("CORSFilter"); //过滤器名称
        registration.addUrlPatterns("/*");//过滤路径
        registration.setOrder(1); //设置顺序
        return registration;
    }
}

    三、Spring Web应用使用cors-filter

    1、引入Jar包(2个),放在项目的/WEB-INF/lib/目录下

    cors-filter-2.9.jar

    java-property-utils-1.13.jar

    下载地址:

    https://repo1.maven.org/maven2/com/thetransactioncompany/cors-filter/2.9/cors-filter-2.9.jar

    https://repo1.maven.org/maven2/com/thetransactioncompany/java-property-utils/1.13/java-property-utils-1.13.jar

    当前最新版为:2.9

    2、在WEB-INF/web.xml配置过滤器

    最简单的配置:

    <filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

    带初始化参数的配置:

    <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

        <init-param>
                <param-name>cors.allowOrigin</param-name>
                <param-value>http://example.com</param-value>
        </init-param>
</filter>

    四、cors-filter 初始化参数:

    cors.allowGenericHttpRequests

cors.allowOrigin

cors.allowSubdomains

cors.supportedMethods

cors.supportedHeaders

cors.exposedHeaders

cors.supportsCredentials

cors.maxAge

cors.tagRequests

    cors.allowGenericHttpRequests {true|false} defaults to true.

    If true generic HTTP requests will be allowed to pass through the filter, else only valid and accepted CORS requests will be allowed (strict CORS filtering).

    cors.allowOrigin {"*"|origin-list} defaults to *.
    Whitespace-separated list of origins that the CORS filter must allow. Requests from origins not included here will be refused with an HTTP 403 "Forbidden" response. If set to * (asterisk) any origin will be allowed.

    cors.allowSubdomains {true|false} defaults to false.
    If true the CORS filter will allow requests from any origin which is a subdomain origin of the allowed origins. A subdomain is matched by comparing its scheme and suffix (host name / IP address and optional port number).

    cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".
    List of the supported HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must also be implemented by the actual CORS web service. Requests for methods not included here will be refused by the CORS filter with an HTTP 405 "Method not allowed" response.

    cors.supportedHeaders {"*"|header-list} defaults to *.
    The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header.

    If the configuration property value is set to * (asterisk) any author request header will be allowed. The CORS Filter implements this by simply echoing the requested value back to the browser.

    cors.exposedHeaders {header-list} defaults to empty list.
    List of the response headers other than simple response headers that the browser should expose to the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this information through the Access-Control-Expose-Headers header.

    cors.supportsCredentials {true|false} defaults to true.
    Indicates whether user credentials, such as cookies, HTTP authentication or client-side certificates, are supported. The CORS filter uses this value in constructing the Access-Control-Allow-Credentials header.

    cors.maxAge {int} defaults to -1 (unspecified).
    Indicates how long the results of a preflight request can be cached by the web browser, in seconds. If -1 unspecified. This information is passed to the browser via the Access-Control-Max-Age header.

    cors.tagRequests {true|false} defaults to false (no tagging).
    Enables HTTP servlet request tagging to provide CORS information to downstream handlers (filters and/or servlets).

    总结:cors跨域请求解决方案(建议采用方案1)

    1、springboot CORS 跨域请求解决三大方案,springboot CorsFilter解决跨域问题

    https://www.cnblogs.com/fanshuyao/p/14030944.html

    2、cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求

    https://www.cnblogs.com/fanshuyao/p/14036848.html

    3、org.ebaysf.web的cors-filter使用,cors-filter跨域请求

    https://www.cnblogs.com/fanshuyao/p/14042293.html

    4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

    https://www.cnblogs.com/fanshuyao/p/14042420.html

    5、springboot jsonp 跨域请求,springboot使用jsonp跨域

    https://www.cnblogs.com/fanshuyao/p/14034014.html

    ================================

    ©Copyright 蕃薯耀 2020-11-25

    https://www.cnblogs.com/fanshuyao/
  • 相关阅读:
    第一次冲次(补)
    软件工程概论个人总结
    第16周进度条
    读《梦断代码》第2章有感
    java.lang.ClassNotFoundException: com.microsoft.sqlserver.jdbc.SQLServerDriver
    传入的表格格式数据流(TDS)远程过程调用(RPC)协议流不正确。参数 1 (""): 数据类型 0x38 未知。
    怎么卸载VS2005呢?控制面板里内容太多,找不出哪些是属于VS2005?我的VS2005出问题了
    常用正则表达式的写法
    Http响应头字段详解,MyEclipse配置tomcat,servlet运行方式
    html框架 字体颜色 列表 表格 图片 定义列表 a标签
  • 原文地址:https://www.cnblogs.com/fanshuyao/p/14036848.html
Copyright © 2011-2022 走看看