org.ebaysf.web的cors-filter使用,cors-filter跨域请求
================================
©Copyright 蕃薯耀 2020-11-26
https://www.cnblogs.com/fanshuyao/
cors-filter为第三方(ebay)组件。
一、官网地址
https://github.com/ebay/cors-filter
二、Springboot使用cors-filter
1、引入依赖
<dependency> <groupId>org.ebaysf.web</groupId> <artifactId>cors-filter</artifactId> <version>1.0.1</version> </dependency>
2、配置类
import javax.servlet.Filter; import org.ebaysf.web.cors.CORSFilter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; /** * 过滤器配置类 */ @Configuration public class HttpFilterConfig { /** * org.ebaysf.web cors-filter * @return */ @Bean public FilterRegistrationBean<Filter> corsFilter() { FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>(); registration.setFilter(new CORSFilter());//org.ebaysf.web.cors.CORSFilter //这个可直接不配置 //Defaults: true registration.addInitParameter("cors.support.credentials", "true"); //这个可直接不配置 //Defaults: * (Any origin is allowed to access the resource). registration.addInitParameter("cors.allowed.origins", "http://127.0.0.1:7010"); //这个可直接不配置 //Defaults: GET,POST,HEAD,OPTIONS registration.addInitParameter("cors.allowed.methods", "GET,POST"); //这个可直接不配置 // Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers registration.addInitParameter("cors.allowed.headers", "*"); //这个可直接不配置 //Default: None registration.addInitParameter("cors.exposed.headers", ""); //这个可直接不配置 //Defaults: 1800。3600表示一个小时 registration.addInitParameter("cors.preflight.maxage", "3600"); //这个可直接不配置 //A flag to control logging to container logs. Defaults: false registration.addInitParameter("cors.logging.enabled", "true"); //这个可直接不配置 //A flag to control if the request should be decorated or not. Defaults: true registration.addInitParameter("cors.request.decorate", "true"); registration.setName("CORSFilter"); //过滤器名称 registration.addUrlPatterns("/*");//过滤路径 registration.setOrder(1); //设置顺序 return registration; } }
三、Spring Web应用使用cors-filter
1、引入Jar包,放在项目的/WEB-INF/lib/目录下
cors-filter-1.0.1.jar
下载地址:
https://repo1.maven.org/maven2/org/ebaysf/web/cors-filter/1.0.1/cors-filter-1.0.1.jar
2、在WEB-INF/web.xml配置过滤器
<filter> <filter-name>CORS Filter</filter-name> <filter-class>org.ebaysf.web.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
四、参数
cors.allowed.origins
A list of origins that are allowed to access the resource. A '*' can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. Ex: http://www.w3.org, https://www.apache.org. Defaults: * (Any origin is allowed to access the resource).
cors.allowed.methods
A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of 'Access-Control-Allow-Methods' header in a pre-flight response. Ex: GET,POST. Defaults: GET,POST,HEAD,OPTIONS
cors.allowed.headers
A comma separated list of request headers that can be used when making an actual request. These header will also be returned as part of 'Access-Control-Allow-Headers' header in a pre-flight response. Ex: Origin,Accept. Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
cors.exposed.headers
A comma separated list of headers other than the simple response headers that browsers are allowed to access. These are the headers which will also be included as part of 'Access-Control-Expose-Headers' header in the pre-flight response. Ex: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG. Default: None
cors.preflight.maxage
The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of 'Access-Control-Max-Age' header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header from pre-flight response. Defaults: 1800
cors.support.credentials
A flag that indicates whether the resource supports user credentials. This flag is exposed as part of 'Access-Control-Allow-Credentials' header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. Defaults: true
cors.logging.enabled
A flag to control logging to container logs. Defaults: false
cors.request.decorate
A flag to control if the request should be decorated or not. Defaults: true
To override filter configuration defaults, specify them in the init-params while configuring the filter in web.xml. Example:
参数配置示例(Xml)
<filter> <filter-name>CORS Filter</filter-name> <filter-class>org.ebaysf.web.cors.CORSFilter</filter-class> <init-param> <description>A comma separated list of allowed origins. Note: An '*' cannot be used for an allowed origin when using credentials.</description> <param-name>cors.allowed.origins</param-name> <param-value>http://localhost:8080,http://localhost.ebay.com:8080</param-value> </init-param> <init-param> <description>A comma separated list of HTTP verbs, using which a CORS request can be made.</description> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <description>A comma separated list of allowed headers when making a non simple CORS request.</description> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <description>A comma separated list non-standard response headers that will be exposed to XHR2 object.</description> <param-name>cors.exposed.headers</param-name> <param-value></param-value> </init-param> <init-param> <description>A flag that suggests if CORS is supported with cookies</description> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <description>A flag to control logging</description> <param-name>cors.logging.enabled</param-name> <param-value>true</param-value> </init-param> <init-param> <description>Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.</description> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CORS Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
总结:cors跨域请求解决方案(建议采用方案1)
1、springboot CORS 跨域请求解决三大方案,springboot CorsFilter解决跨域问题
https://www.cnblogs.com/fanshuyao/p/14030944.html
2、cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求
https://www.cnblogs.com/fanshuyao/p/14036848.html
3、org.ebaysf.web的cors-filter使用,cors-filter跨域请求
https://www.cnblogs.com/fanshuyao/p/14042293.html
4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用
https://www.cnblogs.com/fanshuyao/p/14042420.html
5、springboot jsonp 跨域请求,springboot使用jsonp跨域
https://www.cnblogs.com/fanshuyao/p/14034014.html
================================
©Copyright 蕃薯耀 2020-11-26
https://www.cnblogs.com/fanshuyao/