尽管Spring安全性提供了一种在httpconfigurer中配置CORS的方法,但是有一种更加干净的方法可以将CORS过滤器添加到应用程序中,
@Component@Order(Ordered.HIGHEST_PRECEDENCE)public class MyCORSFilter implements Filter {@Overridepublic void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me"); chain.doFilter(req, res);}@Overridepublic void init(FilterConfig filterConfig) {}@Overridepublic void destroy() {}}对过滤器进行最高优先级排序可确保MyCORSFilter实现
javax.servlet.Filter是链中的第一个实现。希望这可以帮助
