赞
踩
方法一:
@Configuration public class GlobalCorsConfig { @Bean public FilterRegistrationBean<CorsFilter> corsFilter() { // 创建 UrlBasedCorsConfigurationSource 配置源,类似 CorsRegistry 注册表 UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); // 创建 CorsConfiguration 配置,相当于 CorsRegistration 注册信息 CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(Collections.singletonList("*")); // 允许所有请求来源 config.setAllowCredentials(true); // 允许发送 Cookie config.addAllowedMethod("*"); // 允许所有请求 Method config.setAllowedHeaders(Collections.singletonList("*")); // 允许所有请求 Header // config.setExposedHeaders(Collections.singletonList("*")); // 允许所有响应 Header config.setMaxAge(1800L); // 有效期 1800 秒,2 小时 source.registerCorsConfiguration("/**", config); // 创建 FilterRegistrationBean 对象 FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>( new CorsFilter(source)); // 创建 CorsFilter 过滤器 bean.setOrder(Integer.MIN_VALUE ); // 设置 order 排序。这个顺序很重要哦,为避免麻烦请设置在最前 return bean; } }
方法二:
@Configuration public class GlobalCorsConfig { /** * 允许跨域调用的过滤器 */ @Bean public CorsFilter corsFilter() { CorsConfiguration config = new CorsConfiguration(); //允许所有域名进行跨域调用 config.addAllowedOrigin("*"); //允许跨越发送cookie config.setAllowCredentials(true); //放行全部原始头信息 config.addAllowedHeader("*"); //允许所有请求方法跨域调用 config.addAllowedMethod("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); } }
整合shiro框架的话,可以在自定义Filter设置
/** * 对跨域提供支持 */ @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest httpServletRequest = (HttpServletRequest) request; HttpServletResponse httpServletResponse = (HttpServletResponse) response; httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin")); httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE"); httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers")); // 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态 if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) { httpServletResponse.setStatus(HttpStatus.OK.value()); return false; } return super.preHandle(request, response); }
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。