@WebFilter(urlPatterns = {"/*"})
@Component
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
String origin = request.getHeader("Origin");
if (origin == null) {
origin = request.getHeader("Referer");
}
response.setHeader("Access-Control-Allow-Origin", origin); // 允許指定域訪問跨域資源
response.setHeader("Access-Control-Allow-Credentials", "true"); // 允許客戶端攜帶跨域cookie,此時origin值不能爲“*”,只能爲指定單一域名
response.setHeader("Access-Control-Max-Age", "3600"); // 瀏覽器緩存預檢請求結果時間,單位:秒
response.setHeader("Access-Control-Expose-Headers", "Content-Type,Content-Disposition,Content-Length");
String allowMethod = request.getHeader("Access-Control-Request-Method");
if (null != allowMethod) {
response.setHeader("Access-Control-Allow-Methods", allowMethod); // 允許瀏覽器在預檢請求成功之後發送的實際請求方法名
}
String allowHeaders = request.getHeader("Access-Control-Request-Headers");
if (null != allowHeaders) {
response.setHeader("Access-Control-Allow-Headers", allowHeaders); // 允許瀏覽器發送的請求消息頭
}
if (RequestMethod.OPTIONS.toString().equals(request.getMethod())) {
return;
}
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}
後端跨域CorsFilter工具類
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.