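Official documentation: https://www.getambassador.io/docs/latest/topics/using/cors/
Cross-Origin Resource Sharing (CORS)
CORS can be configured in an Ambassador Module or Mapping. When CORS is set in a Module or Mapping, Ambassador intercepts OPTIONS requests and responds with the CORS headers. This means you do not need to implement any logic in your upstreams to handle these CORS OPTIONS requests.
Setting the cors attributes
The following domains are placed in the Access-Control-Allow-Origin header. To allow all domains, set the value to "*".
origins:
- http://foo.example
- http://bar.example
The allowed methods are placed in Access-Control-Allow-Methods.
methods:
- GET
- POST
- OPTIONS
Request headers such as Content-Type are listed under headers, which maps to Access-Control-Allow-Headers.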
headers:
- Content-Type
credentials maps to Access-Control-Allow-Credentials
exposed_headers maps to Access-Control-Expose-Headers
Example:
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: cors
spec:
  prefix: /cors/
  service: cors-example
  cors:
    origins: http://foo.example,http://bar.example
    methods: POST, GET, OPTIONS
    headers: Content-Type
    credentials: true
    exposed_headers: X-Custom-Header
    max_age: "86400"
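An added example, not from the original page or the Ambassador project: a small Python check over the parsed `cors` block of a Mapping or Module that flags origin and credentials combinations worth reviewing. The function and finding names are assumptions made for this example; it accepts both the list and the comma-separated forms shown above.

```python
# Added example (not Ambassador code): lint the parsed `cors` block of a
# Mapping or Module. Finding names are illustrative labels chosen here.

def as_list(value):
    """Accept both forms shown on this page: a YAML list or a comma-separated string."""
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [str(item).strip() for item in value if str(item).strip()]


def audit_cors(cors):
    """Return finding names for one `cors` block given as a dict."""
    origins = [o.lower() for o in as_list(cors.get("origins"))]
    credentials = str(cors.get("credentials", False)).lower() == "true"
    findings = []

    if "*" in origins:
        # No origin restriction at all; with credentials the policy also
        # covers requests that carry the user's cookies.
        findings.append("WILDCARD_WITH_CREDENTIALS" if credentials
                        else "WILDCARD_ORIGIN")
    if "null" in origins:
        # Sandboxed iframes and local files send "Origin: null".
        findings.append("NULL_ORIGIN_ALLOWED")
    if credentials and any(o.startswith("http://") for o in origins):
        # A cleartext origin can be altered in transit, yet it is trusted
        # to make credentialed requests.
        findings.append("CLEARTEXT_ORIGIN_WITH_CREDENTIALS")
    return findings


# The Mapping from this page, as a YAML parser would load its `cors` block.
PAGE_MAPPING_CORS = {
    "origins": "http://foo.example,http://bar.example",
    "methods": "POST, GET, OPTIONS",
    "headers": "Content-Type",
    "credentials": True,
    "exposed_headers": "X-Custom-Header",
    "max_age": "86400",
}
# Constructed sample: an allow-everything policy with credentials enabled.
PERMISSIVE_CORS = {"origins": "*", "credentials": True}

if __name__ == "__main__":
    for name, block in [("page", PAGE_MAPPING_CORS), ("permissive", PERMISSIVE_CORS)]:
        print(name, audit_cors(block))
```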
CORS in Spring Boot 2.0.1
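import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;

@EnableWebSecurity
class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(final HttpSecurity http) throws Exception {
        http
            .cors().configurationSource(new PermissiveCorsConfigurationSource()).and()
            .csrf().disable()
            .authorizeRequests()
            .antMatchers("**").permitAll();
    }

    // Deliberately permissive: any origin, method and header, with credentials.
    // Spring 5.0-5.2 answers credentialed requests by echoing the caller's Origin;
    // Spring 5.3+ rejects "*" combined with allowCredentials(true).
    private static class PermissiveCorsConfigurationSource implements CorsConfigurationSource {
        /**
         * Return a {@link CorsConfiguration} based on the incoming request.
         *
         * @param request the incoming request
         * @return the associated {@link CorsConfiguration}, or {@code null} if none
         */
        @Override
        public CorsConfiguration getCorsConfiguration(final HttpServletRequest request) {
            final CorsConfiguration configuration = new CorsConfiguration();
            configuration.setAllowCredentials(true);
            configuration.setAllowedHeaders(Collections.singletonList("*"));
            configuration.setAllowedMethods(Collections.singletonList("*"));
            configuration.setAllowedOrigins(Collections.singletonList("*"));
            return configuration;
        }
    }
}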