實現前后端分離的跨域訪問(CORS)
1.介紹
從一個網站請求另一個網站,請求的地址中 IP地址,端口,協議三個任意一個有變化都屬於跨域請求。
首先,部署在不同服務器上,那么IP是不一樣的,屬於跨域;部署在同一個服務器中,前端需要起一個服務把前端項目啟動起來,后端起一個服務把后端項目啟動起來,此時端口不一樣,同樣是跨域請求。
2.解決方式
添加過濾器攔截請求,設置頭部信息(全局跨域):
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* <p>
* 解決前后端請求跨域問題
* </p>
*
* @author Zhang
* @since 2020-04-25
*/
@Component
@WebFilter(urlPatterns = "/*",filterName = "MyFilter")
public class MyFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Access-Control-Allow-Origin", "*"); //解決跨域訪問報錯
response.setHeader("Access-Control-Allow-Credentials","true");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600"); //設置過期時間
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, client_id, uuid, Authorization");
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // 支持HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // 支持HTTP 1.0. response.setHeader("Expires", "0");
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
SpringBoot項目,在啟動類添加@ComponentScan注解。
使用注解(局部跨域):
在方法上(@RequestMapping)使用注解 @CrossOrigin
@ResponseBody
@CrossOrigin("http://localhost:8080")
public String index( ){
return "Hello World";
}
或者在控制器(@Controller)上使用注解 @CrossOrigin :
@CrossOrigin(origins = "http://xx-domain.com", maxAge = 3600)
public class AccountController {
@RequestMapping("/hello")
@ResponseBody
public String index( ){
return "Hello World";
}
}