一、zuul跨域:配置方式
application.yml
zuul:
sensitive-headers: Access-Control-Allow-Origin
ignored-headers:Access-Control-Allow-Origin,H-APP-Id,Token,APPToken
二、gateway跨域:过滤器方式
Spring Cloud Gateway 2.x NettyRoutingFilter 有bug,会重复设置跨域,所以需要在NettyRoutingFilter之后紧接着将重复的跨域取消掉
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.util.ArrayList;
public class CorsResponseHeaderFilter implements GlobalFilter, Ordered {
@Override
public int getOrder() {
// 指定此过滤器位于NettyWriteResponseFilter之后
// 即待处理完响应体后接着处理响应头
return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER + 1;
}
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
return chain.filter(exchange).then(Mono.defer(() -> {
exchange.getResponse().getHeaders().entrySet().stream()
.filter(kv -> (kv.getValue() != null && kv.getValue().size() > 1))
.filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) ||
kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)))
.forEach(kv -> {
kv.setValue(new ArrayList<String>() {
{
add(kv.getValue().get(0));
}});
});
return chain.filter(exchange);
}));
}
}
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.DefaultCorsProcessor;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.pattern.PathPatternParser;
@Configuration
public class CorsConfig {
@Bean
public CorsResponseHeaderFilter corsResponseHeaderFilter() {
return new CorsResponseHeaderFilter();
}
@Bean
public CorsWebFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/**", buildCorsConfiguration());
CorsWebFilter corsWebFilter = new CorsWebFilter(source, new DefaultCorsProcessor() {
@Override
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config,
boolean preFlightRequest) {
return super.handleInternal(exchange, config, preFlightRequest);
}
});
return corsWebFilter;
}
private CorsConfiguration buildCorsConfiguration() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.setMaxAge(7200L);
corsConfiguration.setAllowCredentials(true);
return corsConfiguration;
}
}
补充说明:
1、跨域是前端使用options请求方式进行url验证请求时使用
2、服务端处理思路为,向response的header中返回是否允许跨域,允许的请求方式、允许的Header信息等,前端options方式获取到允许跨域头信息,方可调用正常业务接口
3、微服务下需要网关层配置允许跨域,业务层不配置跨域,否则前端会提示不支持跨域或重复配置跨域问题