response.setCharacterEncoding(“UTF-8”);
response.setHeader(“Access-Control-Allow-Origin”, ““);
/ 星号表示所有的域都可以接受, */
response.setHeader(“Access-Control-Allow-Methods”, “GET,POST”);
配置允许跨域请求
前后端分离的项目,很容易遇到跨域问题。
@WebFilter("/*")
public class CORSFilter implements Filter {
public CORSFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
//设置跨域请求
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String[] allowDomains = {"http://www域名1",http://www域名2"};
Set allowOrigins = new HashSet(Arrays.asList(allowDomains));
String originHeads = request.getHeader("Origin");
if(allowOrigins.contains(originHeads)){
response.setHeader("Access-Control-Allow-Origin", originHeads);
response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,HEAD,PUT,PATCH");
response.setHeader("Access-Control-Max-Age", "36000");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,Authorization,authorization");
response.setHeader("Access-Control-Allow-Credentials","true");
}
chain.doFilter(req, response);
}
public void init(FilterConfig fConfig) throws ServletException {
}
}
说明:
- 配置跨域访问的最简单的方式是用通配符 * ,(就是不安全,所有的请求都能跨域),如下代码:
response.setHeader("Access-Control-Allow-Origin","*");
这种方式不爽的地方就是前端浏览器不能带cookie信息(前端不能用带cookie的请求模式)如下:
response.setHeader("Access-Control-Allow-Origin","*");
response.setHeader("Access-Control-Allow-Credentials","true");//保持跨域 Ajax 时的 Cookie
服务器端 Access-Control-Allow-Credentials = true时,参数Access-Control-Allow-Origin 的值不能为 ‘*’ 。否则不起作用
允许多个域名跨域访问时,根据上面的方式去设置一个数据集合就可以了。