跨域请求是指当前发起请求的域,与该请求指向的资源所在的域不同的请求,这里的同域指的是 “协议 + 域名 + 端口号” 均相同,那么就是同域
#前端以5500端口启动了一个服务器,并向后端8080发送请求,由于端口不同,也是跨域请求 http://127.0.0.1:5500 http://127.0.0.1:8080
在springboot项目中,对于跨域请求默认会被拒绝访问,因此要启用跨域请求访问,后端服务器需要添加一些配置
这里以使用springboot2.0版本为例介绍以下几种配置方法
方式1:使用注解@CrossOriginController类上直接使用注解@CrossOrigin而无需其他配置即可访问
@CrossOrigin
@RestController
@RequestMapping("/test")
public class TestController {
//
}
方式2:配置类中只需配置一个CorsFilter即可实现
package com.developer.corstest.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
//看清楚,这里导入的包,不要错误导入:
//import org.springframework.web.cors.reactive.UrlbasedCorsConfigurationSource;
import org.springframework.web.cors.UrlbasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class CorsConfig {
@Bean
public CorsFilter corsWebFilter() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 允许的请求头
corsConfiguration.addAllowedHeader("*");
// 允许的请求源 (如:http://localhost:8080)
corsConfiguration.addAllowedOrigin("*");
// 允许的请求方法 ==> GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACE
corsConfiguration.addAllowedMethod("*");
// URL 映射 (如: /admin
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//跨域访问设置:response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
//或者:httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
response.setHeader("Access-Control-Allow-Headers","*");
//或设置*
response.setHeader("Access-Control-Allow-Method","GET,POST,OPTIONS,PUT,DELETE");
//允许所有的域名跨域访问,使用 response.setHeader("Access-Control-Allow-Origin","*")通常无效,应该使用如下方式
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
System.out.println("Origin="+request.getHeader("Origin"));
System.out.println("uri="+request.getRequestURI());
System.out.println("url="+request.getRequestURL());
String token = request.getHeader("AUTHORIZATION");
System.out.println("token="+token);
response.setHeader("Access-Control-Allow-Credentials", "true");
// 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态
if (request.getMethod().equals(RequestMethod.OPTIONS.name())) {
response.setStatus(HttpStatus.OK.value());
return false;
}
return true;
}
}
(2)然后创建一个配置类实现WebMvcConfigurer接口,并在addInterceptors()方法中添加拦截器类
//springboot版本2.2.2.RELEASE
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
System.out.println("addInterceptors...");
registry.addInterceptor(new CorsInterceptor()).
addPathPatterns("/**").
excludePathPatterns("/static/**", "/error.html");
}
方式6:配置类覆盖接口方法
只需要覆盖以下方法即可实现,这是最简单的方法
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
//配置允许跨域的路径
registry.addMapping("/**")
//配置允许访问的跨域资源的请求域名
.allowCredentials(true)
.allowedOrigins("*")
//配置允许访问该跨域资源服务器的请求方法
.allowedMethods("*")
//配置允许请求 头部head的访问
.allowedHeaders("*");
}
}
