添加以下设置可允许所有域名跨域访问:
response.setHeader("Access-Control-Allow-Origin","*");
但在实际应用中,为了安全起见,不应该让所有域名都能跨域请求服务器API,需要设置指定的几个域名可以访问,直接通过以下代码是不能实现的
response.setHeader("Access-Control-Allow-Origin","http://localhost:8000, http://oa.ewsd.cn");
可把需要指定能跨域访问的域名通过数组的方式进行设置,代码如下:
// 允许跨域请求
String[] allowDomain = {"http://localhost:8000", "http://oa.ewsd.cn"};
Set<String> allowedOrigins = new HashSet<String>(Arrays.asList(allowDomain));
String originHeader = request.getHeader("Origin");
if (allowedOrigins.contains(originHeader)) {
response.setHeader("Access-Control-Allow-Origin", originHeader);
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Cookie");
response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
response.setHeader("Access-Control-Allow-Credentials", "true");
}