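Cookie set by the backend is lost when the front end fetches it cross-origin (Spring Boot implementation)

1. The cross-origin setup: the backend domain is A.abc.com and the front-end domain is B.abc.com.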

2. When the backend sets a cookie to send to the front end, the domain should be setDomain("abc.com"), not setDomain("B.abc.com").

3. In addition, implement WebMvcConfigurer to add the CORS configuration:

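import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Applies CORS to every path; allowCredentials(true) is what lets the browser
        // send and store cookies on cross-origin requests.
        // Spring Framework 5.3+ rejects allowedOrigins("*") together with
        // allowCredentials(true); the front-end origin has to be listed explicitly there.
        registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
                        "Access-Control-Request-Headers")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
                .allowCredentials(true).maxAge(3600);
    }

}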
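
Steps 2 and 3 combined, as an added example that is not the post's own code: the cookie is scoped to the parent domain abc.com, which makes it visible to every *.abc.com host (hence HttpOnly and Secure), and CORS is pinned to the single front-end origin instead of "*". The HTTPS scheme, the /login path, the cookie name and value, and the use of ResponseCookie (Spring 5.1+) in place of setDomain are assumptions.

```java
import java.time.Duration;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Added example, not the post's code. Assumed: HTTPS on both hosts, the /login
// path, the SESSION cookie name and the placeholder value.
@Configuration
class PinnedCorsConfig implements WebMvcConfigurer {
    // Assumed origin of the front end B.abc.com (browsers send the host in lower case).
    static final String FRONTEND_ORIGIN = "https://b.abc.com";

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins(FRONTEND_ORIGIN) // exact origin, never "*" with credentials
                .allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "Accept")
                .allowCredentials(true)
                .maxAge(3600);
    }
}

@RestController
class LoginController {
    @PostMapping("/login")
    public ResponseEntity<Void> login() {
        ResponseCookie cookie = ResponseCookie.from("SESSION", "opaque-session-id")
                .domain("abc.com")   // parent domain: valid for A.abc.com and B.abc.com,
                                     // and for every other *.abc.com host as well
                .path("/")
                .httpOnly(true)      // not readable from script on any subdomain
                .secure(true)        // only sent over HTTPS
                .sameSite("Lax")     // A and B are same-site, so the cookie is still sent
                .maxAge(Duration.ofHours(1))
                .build();
        return ResponseEntity.noContent()
                .header(HttpHeaders.SET_COOKIE, cookie.toString())
                .build();
    }
}
```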

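--------------------------------------------Divider 2018-9-16--------------------------------

Because the earlier project had to be moved onto Spring Cloud, there is now a Zuul gateway managing all requests, and the Authorization header that used to be set along with the cookie was, to my surprise, not passed to the front end.

Done for...

The CORS settings at the gateway layer already allowed every request header (see the figure below), yet the front end still did not get Authorization. I checked every possible problem and found nothing wrong... Completely baffled!!!

Eventually I simply renamed Authorization and changed it to token.

Damn, it actually worked, the front end could get token; changed back to Authorization, nothing...

Later I looked it up and found out that Zuul filters out a few sensitive headers by default. Yes, this is the one: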

    /**
     * List of sensitive headers that are not passed to downstream requests. Defaults to a
     * "safe" set of headers that commonly contain user credentials. It's OK to remove
     * those from the list if the downstream service is part of the same system as the
     * proxy, so they are sharing authentication data. If using a physical URL outside
     * your own domain, then generally it would be a bad idea to leak user credentials.
     */
    private Set<String> sensitiveHeaders = new LinkedHashSet<>(
            Arrays.asList("Cookie", "Set-Cookie", "Authorization"));

And I happened to hit the jackpot!!!