zoukankan      html  css  js  c++  java
  • 关于出现2次 Access-Control-Allow-Origin:* 导致跨域失败

    1.在代码端(Spring boot)增加以下跨域代码

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.env.Environment;
    
    
    import javax.servlet.*;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    
    @WebFilter(filterName = "CorsFilter ")
    @Configuration
    public class CorsFilter implements Filter {
        @Autowired
        private Environment env; 
    
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
    
            //允许跨域的域名列表,多个用逗号隔开
            String alloworigin = env.getProperty("alloworigin");
            //是否允许带cookie内容
            String allowCredentials = env.getProperty("allowCredentials");
    
            response.setHeader("Access-Control-Allow-Origin",alloworigin);
            //注意:要把 Access-Control-Allow-Credentials 设置为 False,否则本地开发调试会发生跨域
            response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
            response.setHeader("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTION");
            response.setHeader("Access-Control-Max-Age", "3600");
            //response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Connection, User-Agent, Cookie, username, usertoken, lan_ip, net_ip, wxapitoken");
            response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Cache-Control,Pragma,Content-Type,Token, username, usertoken ");
            response.setHeader("Access-Control-Expose-Headers", "username, usertoken ");
    
            String method = request.getMethod();
            if (method.equalsIgnoreCase("OPTIONS")) {
                res.getOutputStream().write("Success".getBytes("utf-8"));
            } else {
                chain.doFilter(req, res);
            }
        }
    }

    2.在Ngnix或Tomcat的配置中不要再设置 Access-Control-Allow-Origin:* 

       tomcat是在 conf/web.xml 文件里配置的,全文搜索 Origin 即可找到,如果有设置需要屏蔽;

  • 相关阅读:
    SQL Server的AlwaysOn错误19456和41158
    kvm上的Linux虚拟机使用virtio磁盘
    利用HAProxy代理SQL Server的AlwaysOn辅助副本
    KVM安装部署
    ola.hallengren的SQL Server维护脚本
    在单链表的第i个位置后插入一个节点(阿里+腾讯等面试题总结)
    怎么发现RAC环境中'library cache pin'等待事件的堵塞者(Blocker)?
    php unserialize 返回false的解决方法
    千万别让这些举动断送了你的职业前程-好文共分享
    Android开发:仿美团下拉列表菜单,帮助类,复用简单
  • 原文地址:https://www.cnblogs.com/lpq21314/p/15271969.html
Copyright © 2011-2022 走看看