zoukankan      html  css  js  c++  java
  • 关于出现2次 Access-Control-Allow-Origin:* 导致跨域失败

    1.在代码端(Spring boot)增加以下跨域代码

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.env.Environment;
    
    
    import javax.servlet.*;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    @WebFilter(filterName = "CorsFilter ")
    @Configuration
    public class CorsFilter implements Filter {
        @Autowired
        private Environment env; 
    
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
    
            //允许跨域的域名列表,多个用逗号隔开
            String alloworigin = env.getProperty("alloworigin");
            //是否允许带cookie内容
            String allowCredentials = env.getProperty("allowCredentials");
    
            response.setHeader("Access-Control-Allow-Origin",alloworigin);
            //注意:要把 Access-Control-Allow-Credentials 设置为 False,否则本地开发调试会发生跨域
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTION");
            response.setHeader("Access-Control-Max-Age", "3600");
            //response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Connection, User-Agent, Cookie, username, usertoken, lan_ip, net_ip, wxapitoken");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Cache-Control,Pragma,Content-Type,Token, username, usertoken ");
            response.setHeader("Access-Control-Expose-Headers", "username, usertoken ");
    
            String method = request.getMethod();
            if (method.equalsIgnoreCase("OPTIONS")) {
                res.getOutputStream().write("Success".getBytes("utf-8"));
            } else {
                chain.doFilter(req, res);
            }
        }
    }

    2.在Ngnix或Tomcat的配置中不要再设置 Access-Control-Allow-Origin:* 

       tomcat是在 conf/web.xml 文件里配置的,全文搜索 Origin 即可找到,如果有设置需要屏蔽;

  • 相关阅读:
    js
    原型、原型链、闭包、继承
    js6.22
    js
    js
    在浏览器窗口上添加一个遮罩层
    git使用笔记
    前端开发面试题
    Web Worker
    js实现图片预加载
  • 原文地址:https://www.cnblogs.com/lpq21314/p/15271969.html
Copyright © 2011-2022 走看看