後端設置Cookie前端跨域獲取丟失問題（基於springboot實現）

時間 2019-11-12

標籤後端設置 cookie 前端獲取丟失問題基於 springboot 實現欄目 HTML 简体版

原文原文鏈接

1.跨域問題說明：後端域名爲A.abc.com，前端域名爲B.abc.com。前端

2.後端設置一個cookie發送給前臺，domain應該是setDomain（「abc.com」），而不是setDomain（「B.abc.com」）spring

3.另外，還要實現WebMvcConfigurerr配置加入Cors的跨域後端

@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedOrigins("*").allowedMethods("GET", "POST", "OPTIONS", "PUT")
                .allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
                        "Access-Control-Request-Headers")
                .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
                .allowCredentials(true).maxAge(3600);
    }

}

--------------------------------------------分割線2018-9-16--------------------------------跨域

因爲以前的項目要搬到springcloud上面，全部就有了zuul網關來管理全部的請求，以前cookie設置的請求頭Authoriaztion竟然沒有被傳到前端。cookie

涼涼……app

設置網關層跨域問題都已經所有容許任何請求頭（下圖），可是仍是前端訪問仍是沒有Authoriaztion，各類問題都排查了，都沒有問題。。。大寫的迷惘！！！dom

後來啊，乾脆把Authoriaztion名字給改了，直接改成token。ide

艹，竟然能夠了，前端能拿到token；改回Authoriaztion，沒有。。。idea

後來查了資料，才發現哦，zuul會默認過濾掉幾個敏感詞，沒錯，就是它：spa

　　/**
     * List of sensitive headers that are not passed to downstream requests. Defaults to a
     * "safe" set of headers that commonly contain user credentials. It's OK to remove
     * those from the list if the downstream service is part of the same system as the
     * proxy, so they are sharing authentication data. If using a physical URL outside
     * your own domain, then generally it would be a bad idea to leak user credentials.
     */
    private Set<String> sensitiveHeaders = new LinkedHashSet<>(
            Arrays.asList("Cookie", "Set-Cookie", "Authorization"));

而我，恰好就中獎了！！！