娉ㄨВ@CrossOrigin瑙e喅璺ㄥ煙闂
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了娉ㄨВ@CrossOrigin瑙e喅璺ㄥ煙闂相关的知识,希望对你有一定的参考价值。
鏍囩锛?a href='http://www.mamicode.com/so/1/spring' title='spring'>spring
bbb 鍝嶅簲 long ajax site cts tool 鍥炲埌椤堕儴闃呰鐩綍锛?/strong>
闃呰姝f枃锛?/strong>
鍘熸枃閾炬帴锛?a href="https://www.mmzsblog.cn/articles/2019/08/23/1566526598886.html">https://www.mmzsblog.cn/articles/2019/08/23/1566526598886.html
娉ㄨВ@CrossOrigin
銆€銆€鍑轰簬瀹夊叏鍘熷洜锛屾祻瑙堝櫒绂佹Ajax璋冪敤椹荤暀鍦ㄥ綋鍓嶅師鐐逛箣澶栫殑璧勬簮銆備緥濡傦紝褰撲綘鍦ㄤ竴涓爣绛句腑妫€鏌ヤ綘鐨勯摱琛岃处鎴锋椂锛屼綘鍙互鍦ㄥ彟涓€涓€夐」鍗′笂鎷ユ湁EVILL缃戠珯銆傛潵鑷狤VILL鐨勮剼鏈笉鑳藉瀵逛綘鐨勯摱琛孉PI鍋氬嚭Ajax璇锋眰锛堜粠浣犵殑甯愭埛涓彇鍑洪挶锛侊級浣跨敤鎮ㄧ殑鍑嵁銆?/p>
銆€銆€璺ㄦ簮璧勬簮鍏变韩锛圕ORS锛夋槸鐢卞ぇ澶氭暟娴忚鍣ㄥ疄鐜扮殑W3C瑙勮寖锛屽厑璁告偍鐏垫椿鍦版寚瀹氫粈涔堟牱鐨勮法鍩熻姹傝鎺堟潈锛岃€屼笉鏄娇鐢ㄤ竴浜涗笉澶畨鍏ㄥ拰涓嶅お寮哄ぇ鐨勭瓥鐣ワ紝濡侷FRAME鎴朖SONP銆?/p>
涓€銆佽法鍩?CORS)鏀寔锛?/h2>
銆€銆€Spring Framework 4.2 GA涓篊ORS鎻愪緵浜嗙涓€绫绘敮鎸侊紝浣挎偍姣旈€氬父鐨勫熀浜庤繃婊ゅ櫒鐨勮В鍐虫柟妗堟洿瀹规槗鍜屾洿寮哄ぇ鍦伴厤缃畠銆傛墍浠pringMVC鐨勭増鏈鍦?.2鎴栦互涓婄増鏈墠鏀寔@CrossOrigin
浜屻€佷娇鐢ㄦ柟娉曪細
1銆乧ontroller閰嶇疆CORS
1.1銆乧ontroller鏂规硶鐨凜ORS閰嶇疆锛屾偍鍙互鍚慇RequestMapping娉ㄨВ澶勭悊绋嬪簭鏂规硶娣诲姞涓€涓狜CrossOrigin娉ㄨВ锛屼互渚垮惎鐢–ORS锛堥粯璁ゆ儏鍐典笅锛孈CrossOrigin鍏佽鍦ˊRequestMapping娉ㄨВ涓寚瀹氱殑鎵€鏈夋簮鍜孒TTP鏂规硶锛夛細
@RestController
@RequestMapping("/account")
public class AccountController {
@CrossOrigin
@GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@DeleteMapping("/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
鍏朵腑@CrossOrigin涓殑2涓弬鏁帮細
origins 锛?鍏佽鍙闂殑鍩熷垪琛?/p>
maxAge锛氬噯澶囧搷搴斿墠鐨勭紦瀛樻寔缁殑鏈€澶ф椂闂达紙浠ョ涓哄崟浣嶏級銆?/p>
1.2銆佷负鏁翠釜controller鍚敤@CrossOrigin
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {
@GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@DeleteMapping("/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
鍦ㄨ繖涓緥瀛愪腑锛屽浜巖etrieve()鍜宺emove()澶勭悊鏂规硶閮藉惎鐢ㄤ簡璺ㄥ煙鏀寔锛岃繕鍙互鐪嬪埌濡備綍浣跨敤@CrossOrigin灞炴€у畾鍒禖ORS閰嶇疆銆?/p>
1.3銆佸悓鏃朵娇鐢╟ontroller鍜屾柟娉曠骇鍒殑CORS閰嶇疆锛孲pring灏嗗悎骞朵袱涓敞閲婂睘鎬т互鍒涘缓鍚堝苟鐨凜ORS閰嶇疆銆?/p>
@CrossOrigin(maxAge = 3600)
@RestController
@RequestMapping("/account")
public class AccountController {
@CrossOrigin(origins = "http://domain2.com")
@GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@DeleteMapping("/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
1.4銆佸鏋滄偍姝e湪浣跨敤Spring Security锛岃纭繚鍦⊿pring瀹夊叏绾у埆鍚敤CORS锛屽苟鍏佽瀹冨埄鐢⊿pring MVC绾у埆瀹氫箟鐨勯厤缃€?/p>
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()...
}
}
2銆佸叏灞€CORS閰嶇疆
銆€銆€闄や簡缁嗙矑搴︺€佸熀浜庢敞閲婄殑閰嶇疆涔嬪锛屾偍杩樺彲鑳介渶瑕佸畾涔変竴浜涘叏灞€CORS閰嶇疆銆傝繖绫讳技浜庝娇鐢ㄧ瓫閫夊櫒锛屼絾鍙互澹版槑涓篠pring MVC骞剁粨鍚堢粏绮掑害@CrossOrigin閰嶇疆銆傞粯璁ゆ儏鍐典笅锛屾墍鏈塷rigins and GET, HEAD and POST methods鏄厑璁哥殑銆?/p>
JavaConfig
浣挎暣涓簲鐢ㄧ▼搴忕殑CORS绠€鍖栦负锛?/p>
@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
濡傛灉鎮ㄦ鍦ㄤ娇鐢⊿pring Boot锛屽缓璁皢WebMvcConfigurer bean澹版槑濡備笅锛?/p>
@Configuration
public class MyConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
};
}
}
鎮ㄥ彲浠ヨ交鏉惧湴鏇存敼浠讳綍灞炴€э紝浠ュ強浠呭皢姝ORS閰嶇疆搴旂敤鍒扮壒瀹氱殑璺緞妯″紡锛?/p>
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedOrigins("http://domain2.com")
.allowedMethods("PUT", "DELETE")
.allowedHeaders("header1", "header2", "header3")
.exposedHeaders("header1", "header2")
.allowCredentials(false).maxAge(3600);
}
濡傛灉鎮ㄦ鍦ㄤ娇鐢⊿pring Security锛岃纭繚鍦⊿pring瀹夊叏绾у埆鍚敤CORS锛屽苟鍏佽瀹冨埄鐢⊿pring MVC绾у埆瀹氫箟鐨勯厤缃€?/p>
3銆乆ML鍛藉悕绌洪棿
杩樺彲浠ュ皢CORS涓嶮VC XML鍛藉悕绌洪棿閰嶇疆銆?/p>
a銆佸鏋滄暣涓」鐩墍鏈夋柟娉曢兘鍙互璁块棶锛屽垯鍙互杩欐牱閰嶇疆锛涙鏈€灏廥ML閰嶇疆浣緾ORS鍦?**璺緞妯″紡鍏锋湁涓嶫avaConfig鐩稿悓鐨勭己鐪佸睘鎬э細
<mvc:cors>
<mvc:mapping path="/**" />
</mvc:cors>
鍏朵腑* 琛ㄧず鍖归厤鍒颁笅涓€灞傦紱** 琛ㄧず鍚庨潰涓嶇鏈夊灏戝眰锛岄兘鑳藉尮閰嶃€?/strong>
濡傦細
<mvc:cors>
<mvc:mapping path="/api/*"/>
</mvc:cors>
杩欎釜鍙互鍖归厤鍒扮殑璺緞鏈夛細
/api/aaa
/api/bbbb
涓嶈兘鍖归厤鐨勶細
/api/aaa/bbb
鍥犱负* 鍙兘鍖归厤鍒颁笅涓€灞傝矾寰勶紝濡傛灉鎯冲悗闈笉绠″灏戝眰閮藉彲浠ュ尮閰嶏紝閰嶇疆濡備笅锛?/p>
<mvc:cors>
<mvc:mapping path="/api/**"/>
</mvc:cors>
娉細鍏跺疄灏辨槸涓€涓?*)鍙樻垚涓や釜(**)
b銆佷篃鍙互鐢ㄥ畾鍒跺睘鎬у0鏄庡嚑涓狢ORS鏄犲皠锛?/p>
<mvc:cors>
<mvc:mapping path="/api/**"
allowed-origins="http://domain1.com, http://domain2.com"
allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
<mvc:mapping path="/resources/**"
allowed-origins="http://domain1.com" />
</mvc:cors>
璇锋眰璺緞鏈?api/锛屾柟娉曠ず渚嬪涓嬶細
@RequestMapping("/api/crossDomain")
@ResponseBody
public String crossDomain(HttpServletRequest req, HttpServletResponse res, String name){
……
……
}
c銆佸鏋滀娇鐢⊿pring Security锛屼笉瑕佸繕璁?a href="https://docs.spring.io/spring-security/site/docs/current/reference/html/cors.html" target="_blank">鍦⊿pring瀹夊叏绾у埆鍚敤CORS锛?/p>
<http>
<!-- Default to Spring MVC鈥榮 CORS configuration -->
<cors />
...
</http>
4銆丠ow does it work?
銆€銆€CORS璇锋眰锛堝寘鎷閫夌殑甯︽湁閫夐」鏂规硶锛夎鑷姩鍙戦€佸埌娉ㄥ唽鐨勫悇绉岺andlerMapping 銆傚畠浠鐞咰ORS鍑嗗璇锋眰骞舵嫤鎴狢ORS绠€鍗曞拰瀹為檯璇锋眰锛岃繖寰楃泭浜嶤orsProcessor瀹炵幇锛堥粯璁ゆ儏鍐典笅榛樿DefaultCorsProcessor澶勭悊鍣級锛屼互渚挎坊鍔犵浉鍏崇殑CORS鍝嶅簲澶达紙濡侫ccess-Control-Allow-Origin锛夈€?nbsp;CorsConfiguration 鍏佽鎮ㄦ寚瀹欳ORS璇锋眰搴旇濡備綍澶勭悊锛氬厑璁竜rigins, headers, methods绛夈€?/p>
a銆?a href="https://docs.spring.io/spring/docs/4.2.x/javadoc-api/org/springframework/web/servlet/handler/AbstractHandlerMapping.html#setCorsConfiguration-java.util.Map-">AbstractHandlerMapping#setCorsConfiguration() 鍏佽鎸囧畾涓€涓槧灏勶紝鍏朵腑鏈夊嚑涓?a href="https://docs.spring.io/spring/docs/4.2.x/javadoc-api/org/springframework/web/cors/CorsConfiguration.html">CorsConfiguration 鏄犲皠鍦ㄨ矾寰勬ā寮忎笂锛屾瘮濡?api/**銆?/p>
b銆佸瓙绫诲彲浠ラ€氳繃閲嶅啓AbstractHandlerMapping绫荤殑getCorsConfiguration(Object, HttpServletRequest)鏂规硶鏉ユ彁渚涜嚜宸辩殑CorsConfiguration銆?/p>
c銆佸鐞嗙▼搴忓彲浠ュ疄鐜?nbsp;CorsConfigurationSource鎺ュ彛锛堝ResourceHttpRequestHandler锛夛紝浠ヤ究涓烘瘡涓姹傛彁渚涗竴涓?a href="https://docs.spring.io/spring/docs/4.2.x/javadoc-api/org/springframework/web/cors/CorsConfiguration.html">CorsConfiguration銆?/p>
5銆佸熀浜庤繃婊ゅ櫒鐨凜ORS鏀寔
銆€銆€浣滀负涓婅堪鍏朵粬鏂规硶鐨勬浛浠o紝Spring妗嗘灦杩樻彁渚涗簡CorsFilter銆傚湪杩欑鎯呭喌涓嬶紝涓嶇敤浣跨敤@CrossOrigin鎴?/code>WebMvcConfigurer#addCorsMappings(CorsRegistry),锛屼緥濡傦紝鍙互鍦⊿pring Boot搴旂敤绋嬪簭涓0鏄庡涓嬬殑杩囨护鍣細
@Configuration
public class MyConfiguration {
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("http://domain1.com");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
涓夈€乻pring娉ㄨВ@CrossOrigin涓嶈捣浣滅敤鐨勫師鍥?/h2>
1銆佹槸springMVC鐨勭増鏈鍦?.2鎴栦互涓婄増鏈墠鏀寔@CrossOrigin
2銆侀潪@CrossOrigin娌℃湁瑙e喅璺ㄥ煙璇锋眰闂锛岃€屾槸涓嶆纭殑璇锋眰瀵艰嚧鏃犳硶寰楀埌棰勬湡鐨勫搷搴旓紝瀵艰嚧娴忚鍣ㄧ鎻愮ず璺ㄥ煙闂銆?/p>
3銆佸湪Controller娉ㄨВ涓婃柟娣诲姞@CrossOrigin娉ㄨВ鍚庯紝浠嶇劧鍑虹幇璺ㄥ煙闂锛岃В鍐虫柟妗堜箣涓€灏辨槸锛?/p>
鍦ˊRequestMapping娉ㄨВ涓病鏈夋寚瀹欸et銆丳ost鏂瑰紡锛屽叿浣撴寚瀹氬悗锛岄棶棰樿В鍐炽€?/p>
绫讳技浠g爜濡備笅锛?/p>
@CrossOrigin
@RestController
public class person{
@RequestMapping(method = RequestMethod.GET)
public String add() {
// 鑻ュ共浠g爜
}
}
鍥涖€佸弬鑰冩枃绔狅細
1銆佸畼鏂规枃妗?a href="https://spring.io/blog/2015/06/08/cors-support-in-spring-framework" target="_blank">https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
2銆?a href="http://fanshuyao.iteye.com/blog/2384189" target="_blank">http://fanshuyao.iteye.com/blog/2384189
2銆?a href="https://blog.csdn.net/taiyangnimeide/article/details/78305131" target="_blank">https://blog.csdn.net/taiyangnimeide/article/details/78305131
3銆?a href="https://blog.csdn.net/snowin1994/article/details/53035433" target="_blank">https://blog.csdn.net/snowin1994/article/details/53035433
以上是关于娉ㄨВ@CrossOrigin瑙e喅璺ㄥ煙闂的主要内容,如果未能解决你的问题,请参考以下文章
鍦↖ntelliJ IDEA涓紝Lombok娉ㄨВ@Slf4j鎵句笉鍒發og瑙e喅鏂规