将CorsMapping从更改
registry.addMapping("/*")为registry.addMapping("/**")in addCorsMappings方法。为整个应用程序启用CORS很简单:
@Configuration@EnableWebMvcpublic class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**"); }}你可以轻松更改任何属性,以及仅将此CORS配置应用于特定的路径模式:
@Configuration@EnableWebMvcpublic class WebConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/api/**") .allowedOrigins("http://domain2.com") .allowedMethods("PUT", "DELETE") .allowedHeaders("header1", "header2", "header3") .exposedHeaders("header1", "header2") .allowCredentials(false).maxAge(3600); }}控制器方法CORS配置
@RestController@RequestMapping("/account")public class AccountController { @CrossOrigin @RequestMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... }}要为整个控制器启用CORS-
@CrossOrigin(origins = "http://domain2.com", maxAge = 3600)@RestController@RequestMapping("/account")public class AccountController { @RequestMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... } @RequestMapping(method = RequestMethod.DELETE, path = "/{id}") public void remove(@PathVariable Long id) { // ... }}你甚至可以同时使用控制器级别和方法级别的CORS配置。然后,Spring将结合两个注释中的属性来创建合并的CORS配置。
@CrossOrigin(maxAge = 3600)@RestController@RequestMapping("/account")public class AccountController { @CrossOrigin("http://domain2.com") @RequestMapping("/{id}") public Account retrieve(@PathVariable Long id) { // ... } @RequestMapping(method = RequestMethod.DELETE, path = "/{id}") public void remove(@PathVariable Long id) { // ... }}
