Solving the inconsistent SessionID problem caused by using a traditional Session across origins


The project required the app-side API to use a Token while the back-office API kept using a Session, which caused a series of cross-origin problems. This post records how they were solved.

1. After enabling cross-origin cookie sharing on the web side, the SessionID changed on every request.

Solution:

The Access-Control-Allow-Origin cross-origin header must not be set to the wildcard *; it has to carry the concrete origin taken from the actual request. When Access-Control-Allow-Credentials is in use the browser rejects a wildcard, so the session cookie is neither stored nor sent back and the server opens a new session (with a new SessionID) on every request.

2. The app side sends its token in a custom header, so that custom field has to be appended at the end of
Access-Control-Allow-Headers, in my case accessToken.

Here is my code:

package com.thirtydays.common.interceptor;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

/**
 * Cross-Origin Resource Sharing filter: lets the front-end page call the API
 * directly via ajax or Angular.
 */
@Component
@Slf4j
public class CorsFilter implements Filter {
    /** Separator between entries of the configured origin list. */
    public static final String HOST_SPLIT_LINE = ",";
    /** Separator between an entry's origin and the Allow-Origin value to send for it. */
    public static final String ALLOW_HEADER_SPLIT_LINE = "\\|";
    /** Configured as "origin" or "origin|allow-origin-value", comma separated. */
    @Value("${page.home}")
    private String pageHome;

    @Override
    public void init(FilterConfig filterConfig)
        throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse)res;
        HttpServletRequest request = (HttpServletRequest)req;
        List<String> domains = Arrays.asList(pageHome.split(HOST_SPLIT_LINE));
        // Origin of the page that issued this request
        String originHead = request.getHeader("Origin");
        int index = index(domains, originHead);
        if (index >= 0) {
            String matchHeader = domains.get(index);
            String[] headerConfig = matchHeader.split(ALLOW_HEADER_SPLIT_LINE);
            if (headerConfig.length > 1) {
                // Allowed origin: * for all, otherwise the exact scheme://host:port with no trailing /
                response.setHeader("Access-Control-Allow-Origin", headerConfig[1]);
            } else {
                // Origin is on the allow-list: echo it back exactly
                response.setHeader("Access-Control-Allow-Origin", originHead);
            }
        } else {
            // Unknown origin: answer with the first configured origin, which never matches the caller
            response.setHeader("Access-Control-Allow-Origin", domains.get(0));
        }

        // Wildcard form. Not usable together with Allow-Credentials, the browser rejects it.
        // response.setHeader("Access-Control-Allow-Origin", "*");

        // Lifetime of the preflight result: one week, in seconds
        response.setHeader("Access-Control-Max-Age", "604800");

        // Only GET and POST are allowed by default; PUT and DELETE must be added as well
        response.setHeader("Access-Control-Allow-Methods", "OPTIONS,GET,POST,PUT,DELETE");

        // Allow the custom header accessToken
        response.setHeader("Access-Control-Allow-Headers",
            "Authorization,Origin, Accept, Content-Type, X-HTTP-Method, X-HTTP-METHOD-OVERRIDE,XRequestedWith,X-Requested-With,xhr,custom-enterpriseId,x-clientappversion, x-wxopenid, x-devicetype,accessToken");

        response.setHeader("Access-Control-Allow-Credentials", "true");

        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }

    /**
     * Find the index of the configured entry whose origin matches the current page's origin.
     * @param domains configured origin list
     * @param curDomain origin of the current page (may be null when no Origin header was sent)
     * @return index of the matching entry, or -1 if none matches
     * @date 2020-06-30 11:53:31
     */
    private int index(List<String> domains, String curDomain) {
        for (int i = 0; i < domains.size(); i++) {
            String domain = domains.get(i);
            // An entry may be "origin|allow-origin-value"; only the origin part is compared
            String[] strs = domain.split(ALLOW_HEADER_SPLIT_LINE);
            if (strs[0].equals(curDomain)) {
                return i;
            }

            if (domain.equals(curDomain)) {
                return i;
            }
        }

        return -1;
    }
}
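The two rules behind the fixes above (an exact Access-Control-Allow-Origin when credentials are sent, and the custom token header listed in Access-Control-Allow-Headers) can be checked offline. The following is an added Python example, not the filter from the post: it re-implements the post's page.home allow-list format ("origin" or "origin|allow-value", comma separated) and models the checks a browser performs on a credentialed response, so the wildcard setup that caused the changing SessionID can be compared with the corrected one. The allow-list values and the Vary: Origin header are assumptions added here.

```python
"""Model of credentialed CORS: allow-list matching plus the browser-side checks.

Added example, not the post's Java filter. The page.home format is the post's;
the origins below are constructed sample values.
"""
from __future__ import annotations

# Constructed allow-list in the post's page.home format (assumed values).
PAGE_HOME = "https://admin.example.com,https://app.example.com|https://app.example.com"

ALLOW_HEADERS = "Authorization,Content-Type,X-Requested-With,accessToken"


def parse_allow_list(page_home: str) -> list[tuple[str, str]]:
    """Split 'origin|allow-value,origin' into (origin, value-to-send) pairs."""
    entries = []
    for item in page_home.split(","):
        parts = item.split("|", 1)
        origin = parts[0].strip()
        send = parts[1].strip() if len(parts) > 1 else origin
        entries.append((origin, send))
    return entries


def cors_headers(origin: str, allow_list: list[tuple[str, str]], wildcard: bool = False) -> dict:
    """Build the CORS response headers for a request from `origin`.

    wildcard=True reproduces the broken setup from the post (Allow-Origin: *
    together with Allow-Credentials: true).
    """
    headers = {
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "OPTIONS,GET,POST,PUT,DELETE",
        "Access-Control-Allow-Headers": ALLOW_HEADERS,
        "Access-Control-Max-Age": "604800",
        # The Allow-Origin value differs per caller, so shared caches must key on Origin
        "Vary": "Origin",
    }
    if wildcard:
        headers["Access-Control-Allow-Origin"] = "*"
        return headers
    for allowed_origin, send in allow_list:
        if origin == allowed_origin:
            headers["Access-Control-Allow-Origin"] = send
            return headers
    # Post's fallback for unknown origins: first configured entry, which never matches the caller
    headers["Access-Control-Allow-Origin"] = allow_list[0][1]
    return headers


def browser_accepts(origin: str, request_headers: list[str], response: dict) -> bool:
    """Checks a browser applies to a response when the request carried credentials."""
    acao = response.get("Access-Control-Allow-Origin", "")
    if acao == "*" or acao != origin:
        # '*' is refused in credentialed mode; otherwise the value must equal the Origin exactly.
        # On failure the session cookie is never stored or sent, so the server opens a new
        # session on every request.
        return False
    if response.get("Access-Control-Allow-Credentials", "") != "true":
        return False
    # Header names are compared case-insensitively; a custom header must be listed explicitly
    allowed = {h.strip().lower() for h in response.get("Access-Control-Allow-Headers", "").split(",")}
    return all(h.lower() in allowed for h in request_headers)


if __name__ == "__main__":
    allow = parse_allow_list(PAGE_HOME)
    web = "https://admin.example.com"
    print("wildcard + credentials:", browser_accepts(web, ["accessToken"], cors_headers(web, allow, wildcard=True)))
    print("exact origin + credentials:", browser_accepts(web, ["accessToken"], cors_headers(web, allow)))
    print("unlisted origin:", browser_accepts("https://other.example", ["accessToken"], cors_headers("https://other.example", allow)))
```

Running the script prints False for the wildcard response, True for the exact-origin response and False for an origin that is not on the allow-list; dropping accessToken from ALLOW_HEADERS makes the second case fail as well, which is the preflight failure the app side hit.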

