Spring Boot 解决跨域问题
浏览器接口信息
Request URL: http://127.0.0.1:8014/backtest/test1
Request Method: POST
Status Code: 200
Remote Address: 127.0.0.1:8014
Referrer Policy: no-referrer-when-downgrade
- 一个请求地址如上所示,若请求的协议 、域名 、 端口号均相同,那么就是同域,否则那么就是不同域了。
浏览器接口请求头信息
Accept: application/json, text/plain,*/* ;
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Host: 127.0.0.1:8014 //接受请求的服务器地址
Origin: http://localhost:8081 //发送请求的源站点
Referer: http://localhost:8081/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
浏览器接口响应信息
Access-Control-Allow-Origin: * //表示服务器允许所有域的请求
Content-Type: application/json;charset=UTF-8 //客户端返回的类型
Date: Tue, 14 Jul 2020 12:36:41 GMT
Transfer-Encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
SpringBoot 配置跨域方式一:注入CorsFilter
@Configuration
public class CorsConfig {
private static final Logger logger = LoggerFactory.getLogger(CorsConfig.class);
private CorsConfiguration buidConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", buidConfig());
logger.info("===========配置跨域问题!");
return new CorsFilter(source);
}
}
SpringBoot 配置跨域方式二:过滤器
@Component
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin",reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}