一、zuul跨域:配置方式
application.yml
zuul:
sensitive-headers: Access-Control-Allow-Origin
ignored-headers:Access-Control-Allow-Origin,H-APP-Id,Token,APPToken
二、gateway跨域:過濾器方式
Spring Cloud Gateway 2.x NettyRoutingFilter 有bug,會重複設置跨域,所以需要在NettyRoutingFilter之後緊接着將重複的跨域取消掉
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.filter.NettyWriteResponseFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.util.ArrayList;
public class CorsResponseHeaderFilter implements GlobalFilter, Ordered {
@Override
public int getOrder() {
// 指定此過濾器位於NettyWriteResponseFilter之後
// 即待處理完響應體後接着處理響應頭
return NettyWriteResponseFilter.WRITE_RESPONSE_FILTER_ORDER + 1;
}
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
return chain.filter(exchange).then(Mono.defer(() -> {
exchange.getResponse().getHeaders().entrySet().stream()
.filter(kv -> (kv.getValue() != null && kv.getValue().size() > 1))
.filter(kv -> (kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN) ||
kv.getKey().equals(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)))
.forEach(kv -> {
kv.setValue(new ArrayList<String>() {{
add(kv.getValue().get(0));
}});
});
return chain.filter(exchange);
}));
}
}
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.DefaultCorsProcessor;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.pattern.PathPatternParser;
@Configuration
public class CorsConfig {
@Bean
public CorsResponseHeaderFilter corsResponseHeaderFilter() {
return new CorsResponseHeaderFilter();
}
@Bean
public CorsWebFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/**", buildCorsConfiguration());
CorsWebFilter corsWebFilter = new CorsWebFilter(source, new DefaultCorsProcessor() {
@Override
protected boolean handleInternal(ServerWebExchange exchange, CorsConfiguration config,
boolean preFlightRequest) {
return super.handleInternal(exchange, config, preFlightRequest);
}
});
return corsWebFilter;
}
private CorsConfiguration buildCorsConfiguration() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedOrigin("*");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.setMaxAge(7200L);
corsConfiguration.setAllowCredentials(true);
return corsConfiguration;
}
}
補充說明:
1、跨域是前端使用options請求方式進行url驗證請求時使用
2、服務端處理思路爲,向response的header中返回是否允許跨域,允許的請求方式、允許的Header信息等,前端options方式獲取到允許跨域頭信息,方可調用正常業務接口
3、微服務下需要網關層配置允許跨域,業務層不配置跨域,否則前端會提示不支持跨域或重複配置跨域問題