第一步:在gateway網關的配置文件中加上下面這些:
ly:
cors:
allowedOrigins:
- http://manage.leyou.com
- http://xxx.xxx.com
# 允許哪些網址就繼續加,不要寫 *,否則cookie就無法使用了
allowedCredentials: true # 代表攜帶cookie
allowedHeaders:
- "*"
allowedMethods:
- GET
- POST
- DELETE
- PUT
- OPTIONS
- HEAD
maxAge: 360000
filterPath: "/**"
第二步:寫一個配置類解析上面的配置文件信息
@Data
@ConfigurationProperties(prefix = "ly.cors")
public class CORSProperties {
private List<String> allowedOrigins;
private Boolean allowedCredentials;
private List<String> allowedMethods;
private List<String> allowedHeaders;
private Long maxAge;
private String filterPath;
}
第三步:寫一個跨域的過濾器
@Configuration @EnableConfigurationProperties(CORSProperties.class)
public class GlobalCORSConfig {
@Autowired
private CORSProperties prop;
/**
* @Bean注解,將當前方法的返回值對象放入到IOC容器中
* @return
*/
@Bean
public CorsFilter corsFilter() {
//1.添加CORS配置信息
CorsConfiguration config = new CorsConfiguration();
prop.getAllowedOrigins().forEach(config::addAllowedOrigin);
//上面的寫法和下面這個效果一樣
// for (String allowedOrigin : prop.getAllowedOrigins()) {
// config.addAllowedOrigin(allowedOrigin);
// }
//2) 是否發送Cookie信息
config.setAllowCredentials(prop.getAllowedCredentials());
//3) 允許的請求方式
prop.getAllowedMethods().forEach(config::addAllowedMethod);
// 4)允許的頭信息
prop.getAllowedHeaders().forEach(config::addAllowedHeader);
// 5)有效期
config.setMaxAge(prop.getMaxAge());
//2.添加映射路徑,我們攔截一切請求
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration(prop.getFilterPath(), config);
//3.返回新的CORSFilter.
return new CorsFilter(configSource);
}
}