項目總結36:Java設置Access-Control-Allow-Origin跨域
跨域問題的體現
Failed to load xxx: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
什么是跨域問題
當兩個域具有相同的協議(如http), 相同的端口(如80),相同的host(如www.google.com),那么我們就可以認為它們是相同的域(協議,域名,端口都必須相同)。
跨域就指着協議,域名,端口不一致,出於安全考慮,跨域的資源之間是無法交互的(例如一般情況跨域的JavaScript無法交互,當然有很多解決跨域的方案)。它是由瀏覽器的同源策略造成的,是瀏覽器對 JavaScript 施加的安全限制。
Access-Control-Allow-Origin是HTML5中定義的一種解決資源跨域的策略。是通過服務器端返回帶有Access-Control-Allow-Origin標識的Response header,用來解決資源的跨域權限問題。
Java處理跨域問題
//Spring框架下處理跨域請求問題 import org.springframework.stereotype.Component; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Map; @Component public class AllowOriginFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*");//* 表示該資源誰都可以用,從而實現跨域 response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with, content-type"); HttpServletRequest request = (HttpServletRequest) req; try { chain.doFilter(req, res); } catch (IOException e) { e.printStackTrace(); } catch (ServletException e) { e.printStackTrace(); } } @Override public void init(FilterConfig arg0) throws ServletException { } }