Javaweb下的跨域问题
因为浏览器同源访问的限制,前端在使用ajax进行请求时会出现跨域问题,只要端口不一样,主机不一样服务调用必定跨域,在spring里面,有个@CrossOrigin注解能够解决跨域问题,可是在个人实践中发现并很差用前几天用spring boot写后台出现跨域,以前有用的解决方案所有失效,很玄学的问题。如今我想用一种通用的解决方案来实现:html
public class OriginFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
// 处理跨域
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Expose-Headers", "*");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS");
httpServletResponse.setHeader("X-Powered-By", "Tomcat");
httpServletResponse.setHeader("Content-Type", "text/html;charset=UTF-8");
httpServletResponse.setHeader("maxAge", "10000");
request.setAttribute("Access-Control-Request-Headers", "*");
filterChain.doFilter(request, response);
}
}
若是是springboot还须要在本类上加注解前端
@Component @WebFilter(urlPatterns = "/", filterName = "myOriginFilter") @Order(1)//指定过滤器的执行顺序,值越大越靠后执行
主类上加上@ServletComponentScanjava
如果普通javaweb项目写配置文件就好web
我的看法:跨域这种安全性问题真的不能交给前端去控制,咱们的前端一直想去用jsonp去解决跨域被我挡回去了,前端真的控制不了安全问题ajax
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
