服务端跨域问题

          关于response.setHeader("Access-Control-Allow-Origin", "*");失效

response.setHeader("Access-Control-Allow-Origin", "*");

          修改为

String origin = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", origin);

         跨域的起因是因为服务端个前端不在同一个域名、端口下,访问的话就会造成跨域问题,跨域一般你的解决方式是在fileter(过滤器)中设置

response.setHeader("Access-Control-Allow-Origin", "*");即可,如下图

    /**
     * @param res 请求对象
     * @param req 响应对象
     * @param chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request =(HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse) res;
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE,PUT");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
        response.setHeader("Access-Control-Exposed-Headers", "Access-Control-Allow-Origin,Access-Control-Allow-Credentials");
        response.setHeader("Access-Control-Support-Credentials", "true");
        chain.doFilter(req, res);
    }

       但有时会出现设置无效的情况,这时候我们就需要修改成:

        String origin = request.getHeader("Origin");
        response.setHeader("Access-Control-Allow-Origin", origin);

 /**
     * @param res 请求对象
     * @param req 响应对象
     * @param chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request =(HttpServletRequest)req;
        HttpServletResponse response = (HttpServletResponse) res;
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        String origin = request.getHeader("Origin");
        response.setHeader("Access-Control-Allow-Origin", origin);
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE,PUT");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers");
        response.setHeader("Access-Control-Exposed-Headers", "Access-Control-Allow-Origin,Access-Control-Allow-Credentials");
        response.setHeader("Access-Control-Support-Credentials", "true");
        chain.doFilter(req, res);
    }

        Origin字段主要是用来标识出最初请求是从哪里发起的,所以当设置为*时无效,我们就直接从ServletRequest请求对象中直接拿到当前的请求与源,然后将其设置为允许即可

版权声明：本文为博主原创文章，转载请注明出处(https://blog.csdn.net/F1004145107/article/details/82558340)