Springboot跨域设置实例详解
定义:跨域是指从⼀个域名的⽹页去请求另⼀个域名的资源
1.原由
公司内部有多个不同的⼦域,⽐如⼀个是locationpany ,⽽应⽤是放在apppany , 这时想从 apppany去访问 locationpany 的资源就属于跨域
本⼈是springboot菜鸟,但是做测试框架后端需要使⽤Springboot和前端对接,出现跨域问题,需要设置后端Response的Header.⾛了不少坑,在这总结⼀下以备以后使⽤
2.使⽤场景
浏览器默认不允许跨域访问,包括我们平时ajax也是限制跨域访问的。
产⽣跨域访问的情况主要是因为请求的发起者与请求的接受者1、域名不同;2、端⼝号不同
如果⼀个⽹页可以随意地访问另外⼀个⽹站的资源,那么就有可能在客户完全不知情的情况下出现安全问题
3.解决⽅案
通过设置Access-Control-Allow-Origin来实现跨域访问
4.具体解决
@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*"); // 1
corsConfiguration.addAllowedHeader("*"); // 2
corsConfiguration.addAllowedMethod("*"); // 3
return corsConfiguration;
}
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
return new CorsFilter(source);
}
}
后来改为Filter⽅式
@Component
public class CorsFilter implements Filter {
final static org.slf4j.Logger logger = org.Logger(CorsFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
后来改为Filter⽅式
@Component
public class CorsFilter implements Filter {
final static org.slf4j.Logger logger = org.Logger(CorsFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
⽹上很多资料都是教按以上⽅法设置,但是我这⾥就是设置不成功的。出现下⾯问题
<span >Fetch API cannot load atfcapi./atfcapi/project/main
PageList. The value of the 'Access-Control-Allow-Origin' </span>
<span >header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'atfcapi-test.' is therefore not allowed access.</span>
⽬前为⽌,不知道为什么这样配置不可以,然后改为设置单个域名,如下显⽰
response.setHeader("Access-Control-Allow-Origin", "atfcapi-test.");
这样设置就成功了,但是我们有好⼏个环境,同⼀套代码,写死⼀个域名并解决不了问题,
按照很多⽹络⽂章中所说,设置多个域名如下:
response.setHeader("Access-Control-Allow-Origin", "atfcapi-test.,atfcapi-test-beta.");
spring boot面试题笔试题但是设置完以后,并不好⽤,出现如下错误信息:
<span >Fetch API cannot load atfcapi./atfcapi/project/getP
rojects. The 'Access-Control-Allow-Origin' header contains multiple values </span>
<span >'atfcapi-test.,atfcapi-test-beta.', but only one is allowed. Origin 'atfcapi-test.' is therefore not allowed access. Have the server send the header with a valid value, or, i 设置为以下⽅式也还是错误:
response.setHeader("Access-Control-Allow-Origin", "atfcapi-test.");
response.setHeader("Access-Control-Allow-Origin", "atfcapi-test-beta.");
最后采⽤了⼀种和设置为* 的⽅式⼀样的办法,代码如下:
@Component
public class CorsFilter implements Filter {
final static org.slf4j.Logger logger = org.Logger(CorsFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin",Header("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
从request 中的header中获取Origin,来做配置,最终成功并满⾜需求。
其实有些东西还是⼀知半解,但是起码曲线救国也是⼀种解决⽅法。
总结
以上就是本⽂关于Spring boot跨域设置实例详解的全部内容,希望对⼤家有所帮助。感兴趣的朋友可以继续参阅本站:如有不⾜之处,欢迎留⾔指出。感谢朋友们对本站的⽀持!
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论