SpringBoot跨域和不能生效的问题感谢这位大佬
网上的方法很多,测试了几个可行的方式(需要特别注意的是,网上很多代码搞过来都不能用,测试发现跨域请求能否正常走下去,取决于你的跨域请求会不会被其它拦截器拦截,假设你的系统使用shiro权限,那么大概率会被首先拦截因为没有经过跨域授权处理,直接告诉客户端禁止跨域,因此针对网上的方法,稍作调整):
方式一:(有效!!Nice!!)
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class GlobalCorsConfig {
@Bean
public FilterRegistrationBean corsFilter() {
//1.添加CORS配置信息
CorsConfiguration config = new CorsConfiguration();
//1) 允许的域,不要写*,否则cookie就无法使用了
// config.addAllowedOrigin("http://localhost:8081");
// config.addAllowedOrigin("http://192.168.59.168:8081");
config.addAllowedOrigin("*");
//2) 是否发送Cookie信息
config.setAllowCredentials(true);
//3) 允许的请求方式
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
config.setMaxAge(3600L);
// 4)允许的头信息
config.addAllowedHeader("*");
//2.添加映射路径,我们拦截一切请求
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(configSource));
bean.setOrder(0);//利用FilterRegistrationBean,将拦截器注册靠前,避免被其它拦截器首先执行
return bean;
}
}
方式二:
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)//控制过滤器的级别最高
public class CosFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin", reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type,X-Requested-With");
response.setHeader("Access-Control-Max-Age", "3600");
if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) req).getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(req, res);
}
}
}
方式三:(大概率不好用,会被拦截)
包括网上说的这种(需要注意这种方式,会被shiro之类的先拦截,浏览器只会出现“同源策略禁止读取”,要想看到效果,需要shiro放开这个请求):
@Configuration
public class MyConfiguration extends WebMvcConfigurerAdapter {
@Override public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowCredentials(true)
.allowedHeaders("*")
.allowedOrigins("*")
.allowedMethods("*");
}
}
方式四:(有效,有点麻烦,总忘)
还有一种方式,简单粗暴,直接配置在类或者方法上面
@CrossOrigin(origins = {"http://localhost:8081", "http://xxxx:8081"})
