实现前后端分离的跨域访问(CORS)
1.介绍
从一个网站请求另一个网站,请求的地址中 IP地址,端口,协议三个任意一个有变化都属于跨域请求。
首先,部署在不同服务器上,那么IP是不一样的,属于跨域;部署在同一个服务器中,前端需要起一个服务把前端项目启动起来,后端起一个服务把后端项目启动起来,此时端口不一样,同样是跨域请求。
2.解决方式
添加过滤器拦截请求,设置头部信息(全局跨域):
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* <p>
* 解决前后端请求跨域问题
* </p>
*
* @author Zhang
* @since 2020-04-25
*/
@Component
@WebFilter(urlPatterns = "/*",filterName = "MyFilter")
public class MyFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*"); //解决跨域访问报错
response.setHeader("Access-Control-Allow-Credentials","true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600"); //设置过期时间
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, client_id, uuid, Authorization");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // 支持HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // 支持HTTP 1.0. response.setHeader("Expires", "0");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
SpringBoot项目,在启动类添加@ComponentScan注解。
使用注解(局部跨域):
在方法上(@RequestMapping)使用注解 @CrossOrigin
@ResponseBody
@CrossOrigin("http://localhost:8080")
public String index( ){
return "Hello World";
}
或者在控制器(@Controller)上使用注解 @CrossOrigin :
@CrossOrigin(origins = "http://xx-domain.com", maxAge = 3600)
public class AccountController {
@RequestMapping("/hello")
@ResponseBody
public String index( ){
return "Hello World";
}
}