SpringBoot 中实现跨域的5种方式
Posted 剑雪封喉r
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringBoot 中实现跨域的5种方式相关的知识,希望对你有一定的参考价值。
对于 CORS的跨域请求,主要有以下几种方式可供选择:
1、返回新的CorsFilter (全局跨域)
package com.cfit.framework.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig
@Bean
public CorsFilter corsFilter()
// 1. 添加 CORS配置信息
CorsConfiguration config = new CorsConfiguration();
// 放行哪些原始域
config.addAllowedOrigin("*");
// 是否发送 Cookie
config.setAllowCredentials(true);
// 放行哪些请求方式
config.addAllowedMethod("*");
// 放行哪些原始请求头部信息
config.addAllowedHeader("*");
// 暴露哪些头部信息
config.addExposedHeader("*");
// 2. 添加映射路径
UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
corsConfigurationSource.registerCorsConfiguration("/**", config);
// 3. 返回新的CorsFilter
return new CorsFilter(corsConfigurationSource);
2、重写 WebMvcConfigurer (全局跨域)
package com.cfit.framework.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CorsConfig implements WebMvcConfigurer
@Override
public void addCorsMappings(CorsRegistry registry)
registry.addMapping("/**")
// 是否发送Cookie
.allowCredentials(true)
// 放行哪些原始域
.allowedOrigins("*").allowedMethods(new String[] "GET", "POST", "PUT", "DELETE" ).allowedHeaders("*").exposedHeaders("*");
3、使用注解 @CrossOrigin (局部跨域 springboot 2.4.x不支持这个策略) 允许可访问的域列表, 准备响应前的缓存持续的最大时间(以秒为单位),是否允许用户发送、处理 cookie
@CrossOrigin(origins = "*", maxAge = 3600,allowCredentials = "true")
4、手动设置响应头 (HttpServletResponse) (局部跨域)
@RequestMapping("/index")
public String index(HttpServletResponse response)
response.addHeader("Access-Allow-Control-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type");
return "index";
5、自定web filter 实现跨域 (全局跨域)
package com.cfit.framework.config;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebFilter("/*")
public class CorsConfig implements Filter
public void init(FilterConfig filterConfig) throws ServletException
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
HttpServletResponse res = (HttpServletResponse) response;
HttpServletRequest req = (HttpServletRequest) request;
String origin = req.getHeader("Origin");
if (!org.springframework.util.StringUtils.isEmpty(origin))
// 带cookie的时候,origin必须是全匹配,不能使用*
res.addHeader("Access-Control-Allow-Origin", origin);
res.addHeader("Access-Control-Allow-Methods", "*");
String headers = req.getHeader("Access-Control-Request-Headers");
// 支持所有自定义头
if (!org.springframework.util.StringUtils.isEmpty(headers))
res.addHeader("Access-Control-Allow-Headers", headers);
res.addHeader("Access-Control-Max-Age", "3600");
// cookie
res.addHeader("Access-Control-Allow-Credentials", "true");
// 处理options请求
if (req.getMethod().toUpperCase().equals("OPTIONS"))
return;
// 获取token
// String auth = req.getHeader("Authorization");
String auth = req.getHeader("token");
chain.doFilter(request, response);
@Override
public void destroy()
以上是关于SpringBoot 中实现跨域的5种方式的主要内容,如果未能解决你的问题,请参考以下文章