spring+javaWeb框架处理请求跨域的问题
- 添加CorsFilterConfig实现Filter接口
@Order(1)
@Configuration
public class CorsFilterConfig implements Filter{
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
// 打印初始响应头
System.out.println("Before setting headers: " + httpResponse.getHeaderNames());
// 允许的源列表
List<String> allowedOrigins = Arrays.asList(
"http://localhost:8000",
"http://xx.xxx.xx.xxx:8000"
);
// 获取请求中的 Origin
String originHeader = httpRequest.getHeader("Origin");
// 检查请求的 Origin 是否在允许的列表中
if (originHeader != null && allowedOrigins.contains(originHeader)) {
httpResponse.setHeader("Access-Control-Allow-Origin", originHeader);
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
}
// 设置 CORS 响应头
httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
httpResponse.setHeader("Access-Control-Allow-Headers", "*");
httpResponse.setHeader("Access-Control-Max-Age", "3600");
// 打印最终响应头
System.out.println("After setting headers: " + httpResponse.getHeaderNames());
if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) request).getMethod())) {
httpResponse.setStatus(HttpServletResponse.SC_OK);
return;
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("CorsFilter initialized");
}
@Override
public void destroy() {
System.out.println("CorsFilter destroyed");
}
}
2.在web.xml文件中将自定义的 CorsFilterConfig 类作为过滤器启用,并映射到所有请求路径 /*,这表示该过滤器会对所有请求生效。
<!-- 跨域请求过滤器 -->
<filter>
<filter-name>corsFilter</filter-name>
<filter-class>com.alibaba.aone.blast.webapp.config.CorsFilterConfig</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
朝聞道,夕可眠矣。
浙公网安备 33010602011771号