通常狀況下,直接用@CrossOrigin
就能夠搞定了java
@CrossOrigin(origins = "http://localhost:8080") @RequestMapping(value = "/cors", method = RequestMethod.GET) public Object cors(){ ... }
@Configuration @EnableWebMvc public class WebMvcConfig extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/cors"); } }
好比須要對用戶身份進行驗證git
@Component public class AuthInterceptor extends HandlerInterceptorAdapter{ private static final Logger logger= LoggerFactory.getLogger(AuthInterceptor.class); public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler){ String _authorization = request.getHeader("Authorization"); logger.info("authorization:{}",_authorization); if(_authorization!=null){ request.setAttribute("authorization",_authorization); return true; }else{ response.setStatus(403); return false; } } }
瀏覽器在發送OPTION請求時,可能(這個我還要去google一下)不會帶上驗證信息,在攔截器那裏就沒經過,進而結束請求.而前面方法的執行是在攔截器後面,不會起做用.(固然在攔截器那裏判斷,若是是OPTION方法就經過,也沒問題)
這就須要另外一種方法spring
@Configuration @EnableWebMvc public class WebMvcConfig extends WebMvcConfigurerAdapter { @Autowired private AuthInterceptor authInterceptor; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(authInterceptor); } @Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/cors", config); FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); bean.setOrder(0); return bean; } }
這個過濾器會在執行攔截器前面執行瀏覽器
下載app