碼上歡樂
相關內容    簡體    繁體

cors-filter使用,cors-filter解決跨域訪問,cors-filter跨域請求

本文轉載自   查看原文   2020-11-25 16:23   2315    蕃薯耀/ Java/ cors-filter解決跨域訪問/ cors-filter/ cors-filter跨域請求/ 蕃薯耀分享/ cors-filter使用/ springBoot/ spring&SpringMvc

cors-filter使用,cors-filter解決跨域訪問,cors-filter跨域請求

================================

©Copyright 蕃薯耀 2020-11-25

https://www.cnblogs.com/fanshuyao/

 

cors-filter為第三方組件。

一、官網地址

http://software.dzhuvinov.com/cors-filter.html

 

二、Springboot使用cors-filter

1、引入依賴

<dependency>
    <groupId>com.thetransactioncompany</groupId>
    <artifactId>cors-filter</artifactId>
    <version>2.9</version>
</dependency>

2、配置類

import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.thetransactioncompany.cors.CORSFilter;

/**
 * 使用配置方式開發Filter,否則其中的自動注入無效
 *
 * @author Chris.Liao
 */
@Configuration
public class HttpFilterConfig {

    /**
     * com.thetransactioncompany cors-filter
     * @return
     */
    @Bean
    public FilterRegistrationBean<Filter> corsFilter() {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        
        registration.setFilter(new CORSFilter()); 
        
        //cors.supportsCredentials {true|false} defaults to true.
        //registration.addInitParameter("cors.supportsCredentials", "true");
        
        registration.addInitParameter("cors.allowOrigin", "http://127.0.0.1:7010,http://lqy.com:7010");//不符合時,報錯:Cross-Origin Resource Sharing (CORS) Filter: CORS origin denied
        
        //cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".
        registration.addInitParameter("cors.supportedMethods", "GET,POST");//不符合時,報錯:Cross-Origin Resource Sharing (CORS) Filter: Unsupported HTTP method
        
        //cors.supportedHeaders {"*"|header-list} defaults to *.
        //registration.addInitParameter("cors.supportedHeaders", "*");
        
        //cors.exposedHeaders {header-list} defaults to empty list.
        //registration.addInitParameter("cors.exposedHeaders", "");
        
        //cors.maxAge {int} defaults to -1 (unspecified).3600表示一個小時
        registration.addInitParameter("cors.maxAge", "3600");
        
        //cors.allowSubdomains {true|false} defaults to false.
        //cors.allowGenericHttpRequests {true|false} defaults to true.
        //cors.tagRequests {true|false} defaults to false (no tagging).
        
        registration.setName("CORSFilter"); //過濾器名稱
        registration.addUrlPatterns("/*");//過濾路徑
        registration.setOrder(1); //設置順序
        return registration;
    }
}

 

三、Spring Web應用使用cors-filter

1、引入Jar包(2個),放在項目的/WEB-INF/lib/目錄下

cors-filter-2.9.jar

java-property-utils-1.13.jar

下載地址:

https://repo1.maven.org/maven2/com/thetransactioncompany/cors-filter/2.9/cors-filter-2.9.jar

https://repo1.maven.org/maven2/com/thetransactioncompany/java-property-utils/1.13/java-property-utils-1.13.jar

當前最新版為:2.9

 

2、在WEB-INF/web.xml配置過濾器

最簡單的配置:

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

 

帶初始化參數的配置:

<filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>

        <init-param>
                <param-name>cors.allowOrigin</param-name>
                <param-value>http://example.com</param-value>
        </init-param>
</filter>

 

四、cors-filter 初始化參數:

cors.allowGenericHttpRequests

cors.allowOrigin

cors.allowSubdomains

cors.supportedMethods

cors.supportedHeaders

cors.exposedHeaders

cors.supportsCredentials

cors.maxAge

cors.tagRequests

 

cors.allowGenericHttpRequests {true|false} defaults to true.

If true generic HTTP requests will be allowed to pass through the filter, else only valid and accepted CORS requests will be allowed (strict CORS filtering).

 

cors.allowOrigin {"*"|origin-list} defaults to *.
Whitespace-separated list of origins that the CORS filter must allow. Requests from origins not included here will be refused with an HTTP 403 "Forbidden" response. If set to * (asterisk) any origin will be allowed.

 

cors.allowSubdomains {true|false} defaults to false.
If true the CORS filter will allow requests from any origin which is a subdomain origin of the allowed origins. A subdomain is matched by comparing its scheme and suffix (host name / IP address and optional port number).

 

cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".
List of the supported HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must also be implemented by the actual CORS web service. Requests for methods not included here will be refused by the CORS filter with an HTTP 405 "Method not allowed" response.

 

cors.supportedHeaders {"*"|header-list} defaults to *.
The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header.

If the configuration property value is set to * (asterisk) any author request header will be allowed. The CORS Filter implements this by simply echoing the requested value back to the browser.

 

cors.exposedHeaders {header-list} defaults to empty list.
List of the response headers other than simple response headers that the browser should expose to the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this information through the Access-Control-Expose-Headers header.

 

cors.supportsCredentials {true|false} defaults to true.
Indicates whether user credentials, such as cookies, HTTP authentication or client-side certificates, are supported. The CORS filter uses this value in constructing the Access-Control-Allow-Credentials header.

 

cors.maxAge {int} defaults to -1 (unspecified).
Indicates how long the results of a preflight request can be cached by the web browser, in seconds. If -1 unspecified. This information is passed to the browser via the Access-Control-Max-Age header.

 

cors.tagRequests {true|false} defaults to false (no tagging).
Enables HTTP servlet request tagging to provide CORS information to downstream handlers (filters and/or servlets).

 

 

總結:cors跨域請求解決方案(建議采用方案1)

1、springboot CORS 跨域請求解決三大方案,springboot CorsFilter解決跨域問題

https://www.cnblogs.com/fanshuyao/p/14030944.html

 

2、cors-filter使用,cors-filter解決跨域訪問,cors-filter跨域請求

https://www.cnblogs.com/fanshuyao/p/14036848.html

 

3、org.ebaysf.web的cors-filter使用,cors-filter跨域請求

https://www.cnblogs.com/fanshuyao/p/14042293.html

 

4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

https://www.cnblogs.com/fanshuyao/p/14042420.html

 

5、springboot jsonp 跨域請求,springboot使用jsonp跨域

https://www.cnblogs.com/fanshuyao/p/14034014.html

 

 

 

(如果文章對您有幫助,歡迎捐贈,^_^)

 

================================

©Copyright 蕃薯耀 2020-11-25

https://www.cnblogs.com/fanshuyao/


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 java web cors-filter 跨域開源庫springboot 配置 跨域訪問CORS CORS跨域訪問漏洞 解決ajax請求cors跨域問題 JS跨域請求之CORS 跨域訪問方法介紹(7)--使用 CORS fetch 跨域請求(通過CORS) 【fetch跨域請求】cors CORS——跨域請求那些事兒 如何使用CORS解決跨域問題
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM