Introduction to SpringBoot cross-domain (code example)

This article brings you an introduction to SpringBoot cross-domain (code examples). It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

Foreword: For some reason, the company's SpringBoot project often handles some cross-domain requests.

one. In the past, I wrote a class to handle cross-domain processing by consulting relevant information, as follows.

1.1 First define a filter (interception of all requests, including cross-domain requests)

public class CrossDomainFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {     
        HttpServletRequest hreq = (HttpServletRequest) request;  //
        HttpServletResponse hresp = (HttpServletResponse) response; 
        //跨域
        hresp.setHeader("Access-Control-Allow-Origin", "*");  //设置相应头
        //跨域 Header
        hresp.setHeader("Access-Control-Allow-Methods", "*");
        hresp.setHeader("Access-Control-Allow-Headers", "Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE,x-requested-with,requesttype");
        //header('Access-Control-Allow-Headers:x-requested-with,content-type，requesttype');
        // 浏览器是会先发一次options请求，如果请求通过，则继续发送正式的post请求
        // 配置options的请求返回
        if (hreq.getMethod().equals("OPTIONS")) {  //如果发现该请求为OPTION,则直接返回（不需要进入系统），并且设置相应信息
            hresp.setStatus(200);
            // hresp.setContentLength(0);
            hresp.getWriter().write("OPTIONS returns OK");
            return;
        }
        // Filter 只是链式处理，请求依然转发到目的地址。
        chain.doFilter(request, response);
    }
}

1.2 Register a configuration class (Configuration), and The filter class defined above is registered in the context environment

@Configuration
public class WebConfiguration {
    @Bean
    public RemoteIpFilter remoteIpFilter() {
        return new RemoteIpFilter();
    }
    @Bean
    public FilterRegistrationBean<CrossDomainFilter> testFilterRegistration() {
        FilterRegistrationBean<CrossDomainFilter> registration = new FilterRegistrationBean<CrossDomainFilter>();
        registration.setFilter(new CrossDomainFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter("paramName", "paramValue");
        registration.setName("MyFilter");
        registration.setOrder(1);
        return registration;
    }
}

Note: This configuration class mainly solves the problem of intercepting those requests by the filter (CrossDomainFilter) we wrote

2. SpringBoot’s own solution to cross-domain Filter (CorsFilter). The source code of this filter is very simple. You can directly view the doFilterInternal() method of the class, because this method will be called in the doFilter() method (it can be understood that Filter's doFilter() method).

The processing process also accepts the OPTION method and responds with 200 and returns.

@Configuration
@EnableAutoConfiguration
public class CrossOriginconfig {
    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        // 设置你要允许的网站域名，如果全允许则设为 *
        corsConfiguration.addAllowedOrigin("*");
        // 如果要限制 HEADER 或 METHOD 请自行更改
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        System.out.println("confi init");
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }
}

Three: Personal summary of cross-domain issues

The browser first detects cross-domain issues before sending a request, and Before sending a cross-domain request, a request of type OPTIONS is sent (the request address remains unchanged, and the request header carries some other information). The request must be responded to by the server (please check CrossDomainFilter). If the request does not receive a response , the browser will not send the real request.

3.1: OPTION request sent by the browser (tentative request)

Note: In the picture, we found that the request address remains unchanged () , the request method is OPTION, and the request header carries some information. This information can indicate that I am making a cross-domain request, and the request method is POST. .

3.2: The server needs to respond to the request, (please check CrossDomainFilter)

1) First set the corresponding header (tell the browser some information about the cross-domain requests I support)

2) Set the corresponding status to 200, and return data (arbitrary data)

3.3: The browser has obtained the response to the OPTION request (the server accepts cross-domain), so feel free to send the real request. As follows

1) Compare the OPTION request, the request address has not changed^_^

2) Compare the request method, the request is POST. And the POST request is in OPTIN The server has been told (Access-Control-Request-Method).

3) Comparing the header of the OPTION request, this request does not have Access-Control-Allow-**** related parameters.

The above is the detailed content of Introduction to SpringBoot cross-domain (code example). For more information, please follow other related articles on the PHP Chinese website!