Filter-CORS-跨域请求
关键代码:
第一种:使用@WebFilter注解,基本通用
@WebFilter(dispatcherTypes = {
DispatcherType.REQUEST,
DispatcherType.FORWARD,
DispatcherType.INCLUDE,
DispatcherType.ERROR
},filterName = "myFilter1", urlPatterns = "/*")
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {}
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
throws IOException, ServletException {
//测试过滤器时用
System.out.println("经过了此过滤器");
HttpServletRequest request = (HttpServletRequest)req;
HttpServletResponse response = (HttpServletResponse)resp;
//设置允许跨域
// 过滤器应用在SpringBoot时,前端若为vue普通项目则"Access-Control-Allow-Origin"可以写成"*",若为脚手架,则不能写成"*"
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Methods","*");
//设置开启Cookie
response.setHeader("Access-Control-Allow-Credentials", "true");
chain.doFilter(req, resp);
}
@Override
public void destroy() {}
}
比较全面一点的
@Slf4j
@WebFilter(urlPatterns = "/*", filterName = "CorsFilter")
public class CorsFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
log.debug(">>>>>>>>>>>>>>>>>跨域》》》》》》》》》》》》》》》》"+request.getHeader("Origin"));
if(StringUtils.isBlank(request.getHeader("Origin"))){
response.setHeader("Access-Control-Allow-Origin", "*");
}else{
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
}
// response.setHeader("Access-Control-Allow-Headers", "access-control-allow-origin, authority, content-type, version-info, X-Requested-With");
response.setHeader("Access-Control-Allow-Headers", "*");
// response.setHeader("Access-Control-Expose-Headers", "*");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
//response.setHeader("Access-Control-Allow-Credentials", "true");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return;
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
解释dispatcherTypes
-
REQUEST
只要发起的操作是一次HTTP请求,比如请求某个URL发起了一个GET请求、表单提交方式为POST时提交表单则发起了一个POST请求、表单提交方式为GET时提交表单则发起了一次GET请求、一次重定向则前后相当于发起了两次请求,这些情况下有几次请求就会走几次指定过滤器 -
FOWARD
只有当当前页面是通过请求转发转发过来的场景,才会走指定的过滤器 -
INCLUDE
只要是通过<jsp:include page="xxx.jsp" />,嵌入进来的页面,每嵌入的一个页面,都会走一次指定的过滤器 -
ERROR
这个可能开发者不是很熟悉,意思是当触发了一次error的时候,就会走一次指定的过滤器。
<error-page>
<error-code>400</error-code>
<location>/filter/error.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/filter/error.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/filter/error.jsp</location>
</error-page>
浙公网安备 33010602011771号