版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq360694660/article/details/81631231
package com.example.studySpringBoot.filter;
import org.springframework.util.StringUtils;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class MySelfFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
// 支持Cookie的跨域请求,Access-Control-Allow-Origin值不可以为*
// *允许所有域名跨域访问
// response.addHeader("Access-Control-Allow-Origin","http://localhost:7001");
// 支持Cookie多域跨域访问
String origin = request.getHeader("Origin");
if(!StringUtils.isEmpty(origin)){
response.addHeader("Access-Control-Allow-Origin",origin);
}
response.addHeader("Access-Control-Allow-Methods","*");// * 允许所有请求方法
// response.addHeader("Access-Control-Allow-Headers","Content-Type");
// 支持自定义头跨域访问
String headers= request.getHeader("Access-Control-Allow-Headers");
if(!StringUtils.isEmpty(headers)){
response.addHeader("Access-Control-Allow-Headers",headers);
}
// 允许带Cookie
response.addHeader("Access-Control-Allow-Credentials","true");
filterChain.doFilter(request,response);
}
@Override
public void destroy() {
}
}
总结:
1、Access-Control-Allow-Origion字段值不能使用通配符"*",必须全域名匹配。
2、服务端需要开启跨域:响应头中增加Access-Control-Allow-Credentials:true
3、前端使用ajax调用跨域请求时需要增加:withCredentials:true