前后端分离的话,经常是前端代码部署的服务器和后台部署的服务器不一样,域名也不一样。这个时候就会有跨域问题。我们可以通过前端的处理方式jsonp(基于js的无视域名调用和callback回调封装),但是这里只说后台java 的处理方式
代码:
跨域问题是浏览器控制台虽然会抛异常,但是仍然会发起这个请求。
后台设置响应头Access-Control-Allow-Origin
表示了指定允许其他域名访问 ,也就是告诉浏览器,这个域名来的请求是可以接受的
所以我们配置一个过滤器;
package com.yeahka.online.shop.filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
/**
* 解决跨域请求
*
* @author victor
*/
@Component
@Order(Integer.MIN_VALUE)
@WebFilter(urlPatterns = {"/*"})
public class SessionFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(SessionFilter.class);
@Override
public void init(FilterConfig filterConfig) {}
@Override
public void doFilter(
ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
Set<String> allowedOrigins = new HashSet<>();
//这里配置上前端的域名
allowedOrigins.add("https://www.baidu.com");
allowedOrigins.add("http://www.baidu.com");
String originHeader = request.getHeader("Origin");
//这里判断请求的来源是不是我们的前端域名
if (allowedOrigins.contains(originHeader)) {
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "content-type, x-requested-with,agentId");
response.setHeader("Access-Control-Allow-Credentials", "true");
}
String uri = request.getRequestURI();
log.info("filter_url:{}", uri);
filterChain.doFilter(request, response);
}
@Override
public void destroy() {}
}
这样就可以了