SpringBoot 中实现跨域的5种方式

Posted 剑雪封喉r

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringBoot 中实现跨域的5种方式相关的知识,希望对你有一定的参考价值。

对于 CORS的跨域请求,主要有以下几种方式可供选择:
1、返回新的CorsFilter (全局跨域)

package com.cfit.framework.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {
    @Bean
    public CorsFilter corsFilter() {
	// 1. 添加 CORS配置信息
	CorsConfiguration config = new CorsConfiguration();
	// 放行哪些原始域
	config.addAllowedOrigin("*");
	// 是否发送 Cookie
	config.setAllowCredentials(true);
	// 放行哪些请求方式
	config.addAllowedMethod("*");
	// 放行哪些原始请求头部信息
	config.addAllowedHeader("*");
	// 暴露哪些头部信息
	config.addExposedHeader("*");
	// 2. 添加映射路径
	UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
	corsConfigurationSource.registerCorsConfiguration("/**", config);
	// 3. 返回新的CorsFilter
	return new CorsFilter(corsConfigurationSource);
    }
}

2、重写 WebMvcConfigurer (全局跨域)

package com.cfit.framework.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CorsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
	registry.addMapping("/**")
	// 是否发送Cookie
		.allowCredentials(true)
		// 放行哪些原始域
		.allowedOrigins("*").allowedMethods(new String[] { "GET", "POST", "PUT", "DELETE" }).allowedHeaders("*").exposedHeaders("*");
    }
}

3、使用注解 @CrossOrigin (局部跨域 springboot 2.4.x不支持这个策略) 允许可访问的域列表, 准备响应前的缓存持续的最大时间(以秒为单位),是否允许用户发送、处理 cookie

@CrossOrigin(origins = "*", maxAge = 3600,allowCredentials = "true")

4、手动设置响应头 (HttpServletResponse) (局部跨域)

    @RequestMapping("/index")
    public String index(HttpServletResponse response) {
	    response.addHeader("Access-Allow-Control-Origin", "*");
	    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
	    response.setHeader("Access-Control-Max-Age", "3600");
	    response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type");
	    return "index";
    }

5、自定web filter 实现跨域 (全局跨域)

package com.cfit.framework.config;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/*")
public class CorsConfig implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
	HttpServletResponse res = (HttpServletResponse) response;
	HttpServletRequest req = (HttpServletRequest) request;
	String origin = req.getHeader("Origin");
	if (!org.springframework.util.StringUtils.isEmpty(origin)) {
	    // 带cookie的时候,origin必须是全匹配,不能使用*
	    res.addHeader("Access-Control-Allow-Origin", origin);
	}
	res.addHeader("Access-Control-Allow-Methods", "*");
	String headers = req.getHeader("Access-Control-Request-Headers");
	// 支持所有自定义头
	if (!org.springframework.util.StringUtils.isEmpty(headers)) {
	    res.addHeader("Access-Control-Allow-Headers", headers);
	}
	res.addHeader("Access-Control-Max-Age", "3600");
	// cookie
	res.addHeader("Access-Control-Allow-Credentials", "true");
	// 处理options请求
	if (req.getMethod().toUpperCase().equals("OPTIONS")) {
	    return;
	}
	// 获取token
	// String auth = req.getHeader("Authorization");
	String auth = req.getHeader("token");
	chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    }
}

 


 

以上是关于SpringBoot 中实现跨域的5种方式的主要内容,如果未能解决你的问题,请参考以下文章

SpringBoot 中实现跨域的5种方式

SpringBoot 中实现跨域的5种方式

Spring Boot 中实现跨域的 5 种方式,你一定要知道!

SpringBoot自定义拦截器和跨域配置冲突

跨域问题和django中实现跨域

在electron中实现跨域请求