SpringBoot中一个万能的Cors跨域Filter

SpringBoot中一个万能的Cors跨域Filter

跨域这个话题,群里几天能看到很多次,几乎都是一样的台词。

“这怎么回事啊?”
“怎么弄啊?”
“还是不行啊?”
“我按照XX做的啊?”

好像大家也不怎么关心跨域产生的原因,以及详细的去了解cors跨域。 :shushing_face:
行吧,那你就 把这个Filter丢到SpringBoot项目中,让Spring加载,它能解决 99% 以上的跨域问题

CorsFilter

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.simpleframework.xml.core.Commit;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.util.StringUtils;

@Commit
@Order(-9999)
public class CorsFilter extends HttpFilter {

	/**
	 * 
	 */
	private static final long serialVersionUID = -8387103310559517243L;

	@Override
	protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {

		String origin = req.getHeader(HttpHeaders.ORIGIN);
		
		if (!StringUtils.isEmpty(origin)){
			res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
			res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Origin, x-requested-with, Content-Type, Accept, Authorization");
			res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
			res.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, OPTIONS, DELETE");
			res.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma");
			res.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "60");
		}
		super.doFilter(req, res, chain);
	}
}

最后

你有兴趣了解一下跨域呢,可以看看这个