項目結構:前端服務——>網關服務——>子服務
最近做的項目中碰到跨域的問題,本來習慣性地拉出來以前的filter配置放進網關中,結果前端直接請求網關接口的時候還能跨域成功,通過網管訪問子服務的時候就會報跨域問題。
后仔細研究發現,response頭中的信息是雙份的。
然后才發現原來是子服務中也有一套跨域配置,將子服務中的配置去掉后即可訪問成功。
想來zuul的路由服務是直接轉發請求的,而不是重新請求子服務。不然也不會把兩個服務的頭信息都保留下來了。
常規跨域配置如下:
package com.innove.authority.config; import org.springframework.context.annotation.Configuration; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @WebFilter(filterName = "requestFilter", urlPatterns = {"/*"}) @Configuration public class CorsConfig implements Filter { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; HttpServletRequest request = (HttpServletRequest) servletRequest; //此處替換為放行域名,設置多個時使用addHeader()。或者全部放行設置為* response.setHeader("Access-Control-Allow-Origin", "http://*******.com"); response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token, authorization"); //此處設置為true時,Access-Control-Allow-Origin對應的值不能有多個。設置為false時,不允許客戶端攜帶驗證信息(如cookie) response.setHeader("Access-Control-Allow-Credentials", "true"); String method = request.getMethod(); if (method.equalsIgnoreCase("OPTIONS")) { servletResponse.getOutputStream().write("Success".getBytes("utf-8")); } else { filterChain.doFilter(servletRequest, servletResponse); } } }