package com.shiers.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
/**
* Demo class
*
* @author shierS
* @date 2021/5/28
*/
@Configuration
public class CorsConfig {
public CorsConfig(){}
@Bean
public CorsFilter corsFilter(){
//1.添加cors配置信息
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("http://localhost:8080");
//设置是否发送cookie信息
config.setAllowCredentials(true);
//设置允许请求的方式
config.addAllowedMethod("*");
//设置允许的header
config.addAllowedHeader("*");
//2.为url添加映射路径
UrlBasedCorsConfigurationSource corsSource = new UrlBasedCorsConfigurationSource();
corsSource.registerCorsConfiguration("/**",config);
//3.返回重新定义好的corsSource
return new CorsFilter(corsSource);
}
}
什么是CORS?
CORS是一个W3C标准,全称是“跨域资源共享”(Cross-origin resource sharing),允许浏览器向跨源服务器,发出XMLHttpRequest请求,从而克服了AJAX只能同源使用的限制。
它通过服务器增加一个特殊的Header[Access-Control-Allow-Origin]来告诉客户端跨域的限制,如果浏览器支持CORS、并且判断Origin通过的话,就会允许XMLHttpRequest发起跨域请求。
CORS Header实例:
CORS HeaderAccess-Control-Allow-Origin: http://www.xxx.com Access-Control-Max-Age:86400 Access-Control-Allow-Methods:GET, POST, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: true |
---|
含义解释:
Access-Control-Allow-Origin | 允许http://www.xxx.com域(自行设置,这里只做示例)发起跨域请求 |
---|---|
Access-Control-Max-Age | 设置在86400秒不需要再发送预校验请求 |
Access-Control-Allow-Methods | 设置允许跨域请求的方法 |
Access-Control-Allow-Headers | 允许跨域请求包含content-type |
Access-Control-Allow-Credentials | 设置允许Cookie |
<br /> <br /> <br /> <br />[
](https://blog.csdn.net/qq_39390545/article/details/106615075)