方式一:注解方式
// 将跨域访问的接口添加此注解, 也可放在Controller上
@CrossOrigin(origins = "*", maxAge = 3600)
方式二: 全局加, 在启动类中添加以下代码(效果同方式一)
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
final CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(urlBasedCorsConfigurationSource);
}
重点:以上两种方法会造成 拦截器 走两遍, 如果有在header 中取值时, 第一遍取不到, 导致报错
方式三 终极版
@Order(Ordered.HIGHEST_PRECEDENCE)
@WebFilter(filterName = "crossFilter", urlPatterns = "/*")
@Component
public class CrossFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response;
servletResponse.setHeader("Access-Control-Allow-Origin", servletRequest.getHeader("Origin"));
servletResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE,PATCH");
servletResponse.setHeader("Access-Control-Allow-Headers", "DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,SessionToken,Cookie");
servletResponse.setHeader("Access-Control-Max-Age", "3600");
servletResponse.setHeader("Access-Control-Allow-Credentials", "true");
servletResponse.setHeader("Access-Control-Expose-Headers", "*");
//判断是否为可选择性批量操作的请求,设置状态码返回
if ("OPTIONS".equals(servletRequest.getMethod())) {
servletResponse.setStatus(HttpStatus.ACCEPTED.value());
return;
}
filterChain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
