SpringBoot---前端跨域
阿新 • • 發佈:2018-12-04
1.解決方案一:在Controller上新增@CrossOrigin註解
// 註解方式 @CrossOrigin @RestController public class LoginController { //方法上加入註解 @CrossOrigin(allowCredentials="true", allowedHeaders="*", methods={RequestMethod.GET, RequestMethod.POST, RequestMethod.DELETE, RequestMethod.OPTIONS, RequestMethod.HEAD, RequestMethod.PUT, RequestMethod.PATCH}, origins="*") @PostMapping("/confirm") public Response handler(@RequestBody Request json){ return null; } }
解決方案二:全域性配置
專案全域性配置
@Configuration public class MyWebConfiguration { @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowCredentials(true) .allowedMethods("*"); } }; } }
解決方案三:通過攔截器/過濾器實現跨域
在spring boot的主類中,增加一個CorsFilter
@Bean public CorsFilter corsFilter() { final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); final CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // 允許cookies跨域 config.addAllowedOrigin("*");// #允許向該伺服器提交請求的URI,*表示全部允許,在SpringMVC中,如果設成*,會自動轉成當前請求頭中的Origin config.addAllowedHeader("*");// #允許訪問的頭資訊,*表示全部 config.setMaxAge(18000L);// 預檢請求的快取時間(秒),即在這個時間段裡,對於相同的跨域請求不會再預檢了 config.addAllowedMethod("OPTIONS");// 允許提交請求的方法,*表示全部允許 config.addAllowedMethod("HEAD"); config.addAllowedMethod("GET");// 允許Get的請求方法 config.addAllowedMethod("PUT"); config.addAllowedMethod("POST"); config.addAllowedMethod("DELETE"); config.addAllowedMethod("PATCH"); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); }
或者實現自定義的CorsFilter
@Component
public class CrosFilter implements Filter {
/**
* 跨域配置
*
* @param req http請求
* @param res http響應
* @param chain 責任鏈
* @throws IOException IO異常
* @throws ServletException Servlet異常
*/
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token, language");
chain.doFilter(req, res);
}
/**
* 初始化配置
*
* @param filterConfig 初始化配置引數
*/
public void init(FilterConfig filterConfig) {
}
/**
* 配置銷燬
*/
public void destroy() {
}
}