在項目當中,現在開發都是前後端分離,有時候會產生請求的跨域,這個時候一般的解決方案有兩種,一種是基於nginx進行跨域配置,還有一種是後端通過實現filter來允許跨域,下面看一下通過filter實現的跨域代碼:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
//設置請求允許跨域
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, request.getHeader("Origin"));
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
//設置跨域-方法OK
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, StringUtil.join(RequestMethod.values()));
//設置跨域-請求頭
response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, StringUtil.join(new String[]{
HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
HttpHeaders.CONTENT_TYPE,
HttpHeaders.ACCEPT,
HttpHeaders.ORIGIN}));
/**
* 預檢查後,在 3600s 內不需要再預檢查,直接進行請求
*/
response.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
/**
* POST @RequestBody 類型參數接口會發一次 {@link RequestMethod#OPTIONS} 方式的請求進行預檢查
* 需要捕獲(否則後端{@link HttpServletRequest#getRequestURI()} 沒有對應的 {@link RequestMethod.OPTIONS} 請求方式)
* 捕獲後返回 {@link HttpStatus#SC_NO_CONTENT} 請求碼即可
*/
if (RequestMethod.OPTIONS.name().equals(request.getMethod())) {
response.setStatus(HttpStatus.SC_NO_CONTENT);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}