(剧透)答案在最下面的补充
加一个拦截器,在需要跨域的请求头上添加CORS
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 跨域CORS拦截器
* @author Fcx
*/
@Component
public class CorsInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//添加跨域CORS
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Headers", "*,token");
response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
return true;
}
}
需要注意:
- 在我们理解中,默认*号 代表允许所有的,但是有一些浏览器不能识别星号, 为了避免这种情况,自己所需要的请求头都手动加上, 比如上面我自己加的token 这块是个大坑~
- 跨域的情况用nginx处理是最好的,拦截器只是个备用方案
2019.6.10 补充解决不识别或者不允许星号的问题
/**
* 跨域CORS拦截器
*
* @author Fcx
*/
@Component
public class CorsInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (request.getHeader(HttpHeaders.ORIGIN) != null) {
//添加跨域CORS
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token, enctype, *");
response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Max-Age", "3600 * 24");
}
return true;
}
}
从请求头里拿到当前的Origin,这样跟*的效果就一样啦,应该再也不会有跨域的问题了
