Filter像下面这样在服务器端扩展并添加类:
注意:这只是一个简单的示例,可以帮助您开始。告知自己有关的安全隐患,如果你不配置它以正确的方式…
检查的最后一部分,这篇文章
public class CORSFilter implements Filter { // For security reasons set this regex to an appropriate value // example: ".*example\.com" private static final String ALLOWED_DOMAINS_REGEXP = ".*"; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) servletRequest; HttpServletResponse resp = (HttpServletResponse) servletResponse; String origin = req.getHeader("Origin"); if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) { resp.addHeader("Access-Control-Allow-Origin", origin); if ("options".equalsIgnoreCase(req.getMethod())) { resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"); if (origin != null) { String headers = req.getHeader("Access-Control-Request-Headers"); String method = req.getHeader("Access-Control-Request-Method"); resp.addHeader("Access-Control-Allow-Methods", method); resp.addHeader("Access-Control-Allow-Headers", headers); // optional, only needed if you want to allow cookies. resp.addHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("text/x-gwt-rpc"); } resp.getWriter().flush(); return; } } // Fix ios6 caching post requests if ("post".equalsIgnoreCase(req.getMethod())) { resp.addHeader("Cache-Control", "no-cache"); } if (filterChain != null) { filterChain.doFilter(req, resp); } } @Override public void destroy() { } @Override public void init(FilterConfig arg0) throws ServletException { }}不要忘记
Filter在Web.xml(在WAR文件内,而不是tomcat web.xml内)文件中添加。
<filter> <filter-name>corsFilter</filter-name> <filter-class><YourProjectPath>.CORSFilter</filter-class></filter><filter-mapping> <filter-name>corsFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
