java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用
javatomcat-catalinaCorsFilter使用,apache tomcat-catalina CorsFilter使用
================================
©Copyright 蕃薯耀 2020-11-26
https://www.cnblogs.com/fanshuyao/
org.apache.catalina.filters.CorsFilter為apache(tomcat-catalina)元件。
一、官網地址
http://tomcat.apache.org/tomcat-9.0-doc/config/filter.html
二、Springboot使用cors-filter
1、引入依賴
<dependency> <groupId>org.apache.tomcat</groupId> <artifactId>tomcat-catalina</artifactId> <version>9.0.40</version> <exclusions> <exclusion> <groupId>org.apache.tomcat</groupId> <artifactId>*</artifactId> </exclusion> </exclusions> </dependency>
2、配置類
import javax.servlet.Filter; import org.apache.catalina.filters.CorsFilter; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;/** * apache CorsFilter過濾器配置類 */ @Configuration public class HttpFilterConfig { /** * apache提供的跨域訪問過濾器:org.apache.catalina.filters.CorsFilter * @return */ @Bean public FilterRegistrationBean<Filter> corsFilter() { FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>(); registration.setFilter(new CorsFilter());//org.apache.catalina.filters.CorsFilter //這個要設定成true //Defaults: false registration.addInitParameter("cors.support.credentials", "true"); //這個預設是不允許訪問的,可直接設定成 * //Defaults: The empty String. (No origin is allowed to access the resource). registration.addInitParameter("cors.allowed.origins", "http://127.0.0.1:7010"); //這個可直接不配置 //Defaults: GET, POST, HEAD, OPTIONS //registration.addInitParameter("cors.allowed.methods", "GET,POST"); //這個可直接不配置 //Defaults: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers //registration.addInitParameter("cors.allowed.headers", "*"); //這個可直接不配置 //Default: None //registration.addInitParameter("cors.exposed.headers", ""); //這個可直接不配置 //Defaults: 1800。3600表示一個小時 //registration.addInitParameter("cors.preflight.maxage", "3600"); //這個可直接不配置 //A flag to control if the request should be decorated or not. Defaults: true //registration.addInitParameter("cors.request.decorate", "true"); registration.setName("CORSFilter"); //過濾器名稱 registration.addUrlPatterns("/*");//過濾路徑 registration.setOrder(1);//設定順序 return registration; } }
三、SpringWeb應用使用cors-filter
1、引入Jar包,放在專案的/WEB-INF/lib/目錄下
tomcat-catalina-9.0.40.jar
下載地址:
https://repo1.maven.org/maven2/org/apache/tomcat/tomcat-catalina/9.0.40/tomcat-catalina-9.0.40.jar
2、在WEB-INF/web.xml配置過濾器
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
四、引數說明
cors.allowed.origins
A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).
cors.allowed.methods
A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of Access-Control-Allow-Methods header in pre-flight response. Eg: GET, POST. Defaults: GET, POST, HEAD, OPTIONS
cors.allowed.headers
A comma separated list of request headers that can be used when making an actual request. These headers will also be returned as part of Access-Control-Allow-Headers header in a pre-flight response. Eg: Origin,Accept. Defaults: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
cors.exposed.headers
A comma separated list of headers other than simple response headers that browsers are allowed to access. These are the headers which will also be included as part of Access-Control-Expose-Headers header in the pre-flight response. Eg: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG. Default: None. Non-simple headers are not exposed by default.
cors.preflight.maxage
The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of Access-Control-Max-Age header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header to pre-flight response. Defaults: 1800
cors.support.credentials
A flag that indicates whether the resource supports user credentials. This flag is exposed as part of Access-Control-Allow-Credentials header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. Defaults: false
cors.request.decorate
A flag to control if CORS specific attributes should be added to HttpServletRequest object or not. Defaults: true
引數配置示例(Xml):
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>https://www.apache.org</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
================================
©Copyright 蕃薯耀 2020-11-26
https://www.cnblogs.com/fanshuyao/