import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
@SuppressWarnings("unused")
public class SimpleCorsFilter implements Filter{
private Logger logger= LoggerFactory.getLogger(SimpleCorsFilter.class);
@Value("${com.cors}")
private String cors;
@Value("${com.corsheader}")
private String corsHeader;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
//logger.debug("CORS控制");
response.setHeader("Access-Control-Allow-Origin", cors);
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", corsHeader);
response.setHeader("Vary", "Origin");
if(((HttpServletRequest)req).getMethod().toUpperCase().equals("OPTIONS")){
return;
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
com.cors=* //設值允許訪問的域名 * 表示所有
com.corsheader=authtication,content-type //設值允許傳輸的header
Access-Control-Allow-Origin //允許哪些域名跨域
Access-Control-Allow-Credentials //是否允許cookies傳輸
Access-Control-Allow-Headers //允許header中哪些參數傳輸
response.setHeader("Vary", "Origin"); //告訴CDN等,響應是基於請求者Origin頭值進行協商的。
