Spring Boot 跨域过滤器(过滤器跨域问题)
2018-06-29 本文已影响0人
不敢预言的预言家
重写
WebMvcConfigurer#addCorsMappings()可以解决一部分跨域的问题,但是对于有些过滤器涉及到跨域,且拦截器位面较高的话,还是会出现一些跨域问题。
配置 CorsFilter 跨域过滤器,一劳永逸
CorsFilterRegistrationConfig
package site.yuyanjia.template.common.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.ArrayList;
import java.util.List;
/**
* 跨域过滤器
*
* @author seer
* @date 2018/6/29 10:09
*/
@Configuration
@ConfigurationProperties(prefix = CorsFilterRegistrationConfig.PREFIX)
public class CorsFilterRegistrationConfig {
public static final String PREFIX = "yuyanjia.filter.cors";
/**
* 允许跨域地址
* 允许所有:*
*/
private List<String> allowedOriginList = new ArrayList<>();
/**
* 允许请求头信息
* 允许所有:*
*/
private List<String> allowedHeaderList = new ArrayList<>();
/**
* 允许请求信息
* 允许所有:*
*/
private List<String> allowedMethodList = new ArrayList<>();
/**
* 允许暴露信息
*/
private List<String> exposedHeaderList = new ArrayList<>();
/**
* 允许证书
*/
private Boolean allowCredentials = true;
/**
* 缓存时间
*/
private Long maxAge = 3600L;
/**
* 过滤地址
*/
private String mapping = "";
/**
* 跨域过滤器
*
* @return
*/
@Bean
public FilterRegistrationBean CrosFilterRegistrationBean() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(allowedOriginList);
corsConfiguration.setAllowedHeaders(allowedHeaderList);
corsConfiguration.setAllowedMethods(allowedMethodList);
corsConfiguration.setExposedHeaders(exposedHeaderList);
corsConfiguration.setMaxAge(maxAge);
corsConfiguration.setAllowCredentials(allowCredentials);
UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
configurationSource.registerCorsConfiguration(mapping, corsConfiguration);
CorsFilter corsFilter = new CorsFilter(configurationSource);
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(corsFilter);
filterRegistrationBean.setOrder(0);
return filterRegistrationBean;
}
public List<String> getAllowedOriginList() {
return allowedOriginList;
}
public void setAllowedOriginList(List<String> allowedOriginList) {
this.allowedOriginList = allowedOriginList;
}
public List<String> getAllowedHeaderList() {
return allowedHeaderList;
}
public void setAllowedHeaderList(List<String> allowedHeaderList) {
this.allowedHeaderList = allowedHeaderList;
}
public List<String> getAllowedMethodList() {
return allowedMethodList;
}
public void setAllowedMethodList(List<String> allowedMethodList) {
this.allowedMethodList = allowedMethodList;
}
public List<String> getExposedHeaderList() {
return exposedHeaderList;
}
public void setExposedHeaderList(List<String> exposedHeaderList) {
this.exposedHeaderList = exposedHeaderList;
}
public Boolean getAllowCredentials() {
return allowCredentials;
}
public void setAllowCredentials(Boolean allowCredentials) {
this.allowCredentials = allowCredentials;
}
public Long getMaxAge() {
return maxAge;
}
public void setMaxAge(Long maxAge) {
this.maxAge = maxAge;
}
public String getMapping() {
return mapping;
}
public void setMapping(String mapping) {
this.mapping = mapping;
}
}
application.yml
yuyanjia:
filter:
cors:
allowed-origin-list:
- '*'
allowed-header-list:
- '*'
allowed-method-list:
- POST
- GET
exposed-header-list:
- access-control-allow-headers
- access-control-allow-methods
- access-control-allow-origin
- access-control-max-age
- X-Frame-Options
mapping: /website/**
推荐一些关于HTTP请求的相关资料,有助于了解跨域请求
Access-Control-Allow-Origin 这个里有跨域相关属性设置的一切概念解释
前端 | 浅谈preflight request
HTTP响应头和请求头信息对照表
四种常见的 POST 提交数据方式对应的content-type取值 Spring Boot 会根据 Content-type 确定 HttpMessageConverter
