The project used by the company these days is separation of front-end and back-end (VUE+springboot), and then encountered cross-domain problems. Cross-domain problems are not encountered for the first time, so the solution is recorded here.
First understand what cross-
domain is : cross-domain means that page a wants to obtain resources of page b. If the protocols, domain names, ports, and subdomains of pages a and b are different, or page a is an ip address, page b is a domain name address , The access actions performed are all cross-domain, and browsers generally restrict cross-domain access for security reasons, that is, cross-domain requests for resources are not allowed.
There should be quite a lot of solutions, and I have posted several commonly used ones here.
The first solution
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Autowired
private EnvConfig envConfig;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new HandlerInterceptor() {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
boolean isTrue = envConfig.getIsDev();//判断是测试服才需要解决跨域问题
if (isTrue) {
response.addHeader("Access-Control-Allow-Origin", "*");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.addHeader("Access-Control-Allow-Headers",
"Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token");
}
return true;
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
Exception ex) throws Exception {
}
});
}
}
Note that if your request header contains custom parameters such as token, put the parameter name in
response.addHeader("Access-Control-Allow-Headers",
"Content-Type,X-Requested-With, accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,token”); inside, otherwise it will still prompt the existence of cross-domain problems.
The second solution:
public class SimpleCORSFilter implements Filter{
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
//如果要加上自定义请求头,要把参数名放入其中
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}