跨域问题浅析

xiaoxiao2021-02-27  566

什么是跨域问题

URL说明是否允许跨域http:// www.a.com/a.jshttp:// www.a.com/b.js同一域名下允许http:// www.a.com/lab/a.jshttp:// www.a.com/script/b.js同一域名下不同文件夹允许http:// www.a.com:8000/a.jshttp: //www.a.com/b.js同一域名,不同端口不允许http: //www.a.com/a.jshttps: //www.a.com/b.js同一域名,不同协议不允许http:// www.a.com/a.jshttp:// 70.32.92.74/b.js域名和域名对应ip不允许http:// www.a.com/a.jshttp:// script.a.com/b.js主域相同,子域不同不允许http:// www.a.com/a.jshttp:// a.com/b.js同一域名,不同二级域名(同上)不允许http: //www.b.com/a.jshttp: //www.a.com/b.js不同域名不允许

跨域问题的本质

进程间通信的问题


Java后端解决方式

对于spring 4.2.5以上版本 /** * 支持跨域 * * @return */ @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**").allowedOrigins("*").allowedMethods("PUT", "DELETE", "GET", "POST") .allowCredentials(false).maxAge(3600); registry.addMapping("/login").allowedOrigins("*").allowedMethods("PUT", "DELETE", "GET", "POST") .allowCredentials(false).maxAge(3600); } }; } 对于spring 4.2.5以下版本 需要写filter来完成 package com.test.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; /** * * @author hyson.han */ public class CorsFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization"); response.setHeader("Access-Control-Allow-Credentials", "true"); chain.doFilter(servletRequest, servletResponse); } @Override public void destroy() { } }

web.xml添加如下配置

<filter> <filter-name>cors</filter-name> <filter-class>com.test.filter.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>cors</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
转载请注明原文地址: https://www.6miu.com/read-721.html

最新回复(0)