[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-YoV8DwXW-1650725515871)(https://ask8088-private-1251520898.cn-south.myqcloud.com/developer-images/article/9695062/44vj5udadr.png?q-sign-algorithm=sha1&q-ak=AKID2uZ1FGBdx1pNgjE3KK4YliPpzyjLZvug&q-sign-time=1650725461;1650732661&q-key-time=1650725461;1650732661&q-header-list=&q-url-param-list=&q-signature=86856d88265463a57d2196169061adebd06384db)]
Access to XMLHttpRequest at 'http://localhost:8080/store/users/reg' from origin 'http://localhost:52972' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.原因
方案 方案一 直接采用SpringBoot的注解@CrossOrigin(支持SpringMvc)浏览器出于安全考虑,使用XMLHttpRequest对象发起HTTP请求时必须遵守同源策略(要求源相同才能正常进行通信,即协议,域名,端口号都完全一致)
同源策略限制了从同一个源加载的文档或脚本如何与来自另一个源的资源进行交互。这是一个用于隔离潜在恶意文件的重要安全机制。
在Control层需要跨域的方法或类上增加注解@CrossOrigin
该注解可继承
@RestController//以json数据格式响应到前端
@RequestMapping("/users")
public class UserController extends BaseController{
@Autowired
public IUserService userService;
@RequestMapping("/reg")
@CrossOrigin
public JsonResult reg(User user){
JsonResult result=new JsonResult<>();
userService.register(user);
result.setState(200);
result.setMessage("注册成功");
return result;
}
}
方法二、处理跨域请求的Configuration
增加一个配置类,CrossOriginConfig.java。继承WebMvcConfigurerAdapter或者实现WebMvcConfigurer接口,其他都不用管,项目启动时,会自动读取配置。
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {
static final String ORIGINS[] = new String[] { "GET", "POST", "PUT", "DELETE" };
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedOrigins("*").allowCredentials(true).allowedMethods(ORIGINS).maxAge(3600);
}
方法三、采用过滤器(filter)的方式
同方法二加配置类,增加一个CORSFilter 类,并实现Filter接口即可,其他都不用管,接口调用时,会过滤跨域的拦截。
@Component
public class CORSFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse) response;
res.addHeader("Access-Control-Allow-Credentials", "true");
res.addHeader("Access-Control-Allow-Origin", "*");
res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT");
res.addHeader("Access-Control-Allow-Headers", "Content-Type,X-CAF-Authorization-Token,sessionToken,X-TOKEN");
if (((HttpServletRequest) request).getMethod().equals("OPTIONS")) {
response.getWriter().println("ok");
return;
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
