package com.shiers.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.web.cors.CorsConfiguration;import org.springframework.web.cors.UrlBasedCorsConfigurationSource;import org.springframework.web.filter.CorsFilter;/*** Demo class** @author shierS* @date 2021/5/28*/@Configurationpublic class CorsConfig {public CorsConfig(){}@Beanpublic CorsFilter corsFilter(){//1.添加cors配置信息CorsConfiguration config = new CorsConfiguration();config.addAllowedOrigin("http://localhost:8080");//设置是否发送cookie信息config.setAllowCredentials(true);//设置允许请求的方式config.addAllowedMethod("*");//设置允许的headerconfig.addAllowedHeader("*");//2.为url添加映射路径UrlBasedCorsConfigurationSource corsSource = new UrlBasedCorsConfigurationSource();corsSource.registerCorsConfiguration("/**",config);//3.返回重新定义好的corsSourcereturn new CorsFilter(corsSource);}}
什么是CORS?
CORS是一个W3C标准,全称是“跨域资源共享”(Cross-origin resource sharing),允许浏览器向跨源服务器,发出XMLHttpRequest请求,从而克服了AJAX只能同源使用的限制。
它通过服务器增加一个特殊的Header[Access-Control-Allow-Origin]来告诉客户端跨域的限制,如果浏览器支持CORS、并且判断Origin通过的话,就会允许XMLHttpRequest发起跨域请求。
CORS Header实例:
| CORS HeaderAccess-Control-Allow-Origin: http://www.xxx.com Access-Control-Max-Age:86400 Access-Control-Allow-Methods:GET, POST, OPTIONS, PUT, DELETE Access-Control-Allow-Headers: content-type Access-Control-Allow-Credentials: true |
|---|
含义解释:
| Access-Control-Allow-Origin | 允许http://www.xxx.com域(自行设置,这里只做示例)发起跨域请求 |
|---|---|
| Access-Control-Max-Age | 设置在86400秒不需要再发送预校验请求 |
| Access-Control-Allow-Methods | 设置允许跨域请求的方法 |
| Access-Control-Allow-Headers | 允许跨域请求包含content-type |
| Access-Control-Allow-Credentials | 设置允许Cookie |
<br /> <br /> <br /> <br />[
](https://blog.csdn.net/qq_39390545/article/details/106615075)
若有收获,就点个赞吧
0 人点赞
