前後端分離的話,經常是前端代碼部署的服務器和後臺部署的服務器不一樣,域名也不一樣。這個時候就會有跨域問題。我們可以通過前端的處理方式jsonp(基於js的無視域名調用和callback回調封裝),但是這裏只說後臺java 的處理方式
代碼:
跨域問題是瀏覽器控制檯雖然會拋異常,但是仍然會發起這個請求。
後臺設置響應頭Access-Control-Allow-Origin
表示了指定允許其他域名訪問 ,也就是告訴瀏覽器,這個域名來的請求是可以接受的
所以我們配置一個過濾器;
package com.yeahka.online.shop.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
/**
* 解決跨域請求
*
* @author victor
*/
@Component
@Order(Integer.MIN_VALUE)
@WebFilter(urlPatterns = {"/*"})
public class SessionFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(SessionFilter.class);
@Override
public void init(FilterConfig filterConfig) {}
@Override
public void doFilter(
ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
Set<String> allowedOrigins = new HashSet<>();
//這裏配置上前端的域名
allowedOrigins.add("https://www.baidu.com");
allowedOrigins.add("http://www.baidu.com");
String originHeader = request.getHeader("Origin");
//這裏判斷請求的來源是不是我們的前端域名
if (allowedOrigins.contains(originHeader)) {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with,agentId");
response.setHeader("Access-Control-Allow-Credentials", "true");
}
String uri = request.getRequestURI();
log.info("filter_url:{}", uri);
filterChain.doFilter(request, response);
}
@Override
public void destroy() {}
}
這樣就可以了