Spring完美解決跨域問題
阿新 • • 發佈:2019-01-04
一、Spring MVC 從4.2版本開始增加了對CORS的支援在Spring MVC 中增加CORS支援非常簡單,可以配置全域性的規則
<mvc:cors>
<mvc:mapping path="/**" allowed-origins="*" allow-credentials="true" max-age="1800"
allowed-methods="GET,POST,PUT,DELETE,PATCH,OPTIONS"/>
</mvc:cors>
二、當上述配置無效的時候,可以自定義攔截器,用程式碼實現跨域
如:
import org.springframework.http.HttpHeaders; import org.springframework.web.servlet.HandlerInterceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class CrossInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { if (request.getHeader(HttpHeaders.ORIGIN) != null) { String origin = request.getHeader("Origin"); response.addHeader("Access-Control-Allow-Origin", origin); response.addHeader("Access-Control-Allow-Credentials", "true"); response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT,PATCH, HEAD"); response.addHeader("Access-Control-Allow-Headers", "Content-Type"); response.addHeader("Access-Control-Max-Age", "3600"); } return true; } }
三、SpringMVC4.1及更老的版本的跨域問題解決
可以自定義攔截器或者過濾器,如:
import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class cInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse response, Object o) throws Exception { System.out.println("新增跨域支援"); //新增跨域CORS response.addHeader("Access-Control-Max-Age", "1800");//30 min response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,Content-Type,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { System.out.println("postHandle"); } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { System.out.println("afterCompletion"); } }
四、如果是帶有cookie的跨域問題
帶有cookie時,配置Access-Control-Allow-Origin項不能為*,必須是具體的值!
如:
以上情況是本人遇到的四種情況,如果還有不能解決的網友,歡迎在評論區留言import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class cInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse response, Object o) throws Exception { System.out.println("新增跨域支援"); //新增跨域CORS response.addHeader("Access-Control-Max-Age", "1800");//30 min response.setHeader("Access-Control-Allow-Origin", "http://www.demo.com:8080"); response.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,Content-Type,token"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { System.out.println("postHandle"); } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { System.out.println("afterCompletion"); } }