Spring boot跨域设置

WindySky 2017-12-11

展开全文

1. 原由

本人是spring boot菜鸟，但是做测试框架后端需要使用Spring boot和前端对接，出现跨域问题，需要设置后端Response的Header.走了不少坑，在这总结一下以备以后使用

2. 使用场景

浏览器默认不允许跨域访问，包括我们平时ajax也是限制跨域访问的。

产生跨域访问的情况主要是因为请求的发起者与请求的接受者1、域名不同；2、端口号不同

3.解决方案

通过设置Access-Control-Allow-Origin来实现跨域访问

4. 具体解决

刚开始使用http://www.jianshu.com/p/f2060a6d6e3b设置，但是由于我们使用的spring版本的问题，CorsConfiguration类需要4.2.7版本。和我们使用的spring里面版本不一致，导致版本冲突或者各种问题

[java] view plain copy

后来改为Filter方式

[java] view plain copy

@Component
public class CorsFilter implements Filter {
final static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(CorsFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}

网上很多资料都是教按以上方法设置，但是我这里就是设置不成功的。出现下面问题

[plain] view plain copy

Fetch API cannot load https://atfcapi.alpha./atfcapi/project/mainPageList. The value of the 'Access-Control-Allow-Origin'

[plain] view plain copy

header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://atfcapi-test.faas.' is therefore not allowed access.

目前为止，不知道为什么这样配置不可以，然后改为设置单个域名，如下显示

[java] view plain copy

response.setHeader("Access-Control-Allow-Origin", "https://atfcapi-test.faas.");

这样设置就成功了，但是我们有好几个环境，同一套代码，写死一个域名并解决不了问题，

按照很多网络文章中所说，设置多个域名如下：

[java] view plain copy

response.setHeader("Access-Control-Allow-Origin", "https://atfcapi-test.faas.,https://atfcapi-test-beta.faas.");

但是设置完以后，并不好用，出现如下错误信息：

[plain] view plain copy

Fetch API cannot load https://atfcapi.alpha./atfcapi/project/getProjects. The 'Access-Control-Allow-Origin' header contains multiple values

[plain] view plain copy

'https://atfcapi-test.faas.,https://atfcapi-test-beta.faas.', but only one is allowed. Origin 'https://atfcapi-test.faas.' is therefore not allowed access. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

设置为以下方式也还是错误：

[plain] view plain copy

response.setHeader("Access-Control-Allow-Origin", "https://atfcapi-test.faas.");
response.setHeader("Access-Control-Allow-Origin", "https://atfcapi-test-beta.faas.");

最后采用了一种和设置为* 的方式一样的办法，代码如下：

[java] view plain copy

@Component
public class CorsFilter implements Filter {
final static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(CorsFilter.class);
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest reqs = (HttpServletRequest) req;
response.setHeader("Access-Control-Allow-Origin",reqs.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}