How SpringBoot implements global and local cross-domain

What is cross-domain

The so-called cross-domain request means: the domain where the request is currently initiated is different from the domain where the resource pointed to by the request is located. The domain here refers to the concept: We believe that if the protocol, domain name, and port number are all the same, then they are in the same domain.

Solution to cross-domain

The backend solves cross-domain, mainly with the help of cors

Partial solution (using annotations)

You can use annotations: @CrossOrigin

After this annotation is turned on, it can solve the cross-domain problem. It can be added to the controller. On the surface, all methods in the controller have undergone cross-domain processing. It can also be added to a method alone to indicate that there is only this one. The method has been processed across domains

#But its default value is *, which means that all are allowed by default, which is not very safe in theory

If there are multiple controllers or methods in the project, using annotations will be very useless. If adding them one by one is too troublesome, then you can use global annotations

Global solution

Principle: Create a configuration class, enable cross-domain registration, and use the @Configuration annotation to inject this class into the project as a configuration

We can freely configure the request method , as well as domain name permissions, request time, and more detailed control of cross-domain scope

package com.wyh.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * @Description: 解决全局跨域
 * @Author: 魏一鹤
 * @Date: 2022-11-30 22:44
 **/

@Configuration
public class CorsMapping implements WebMvcConfigurer {

    @Override
    /**
     * 重新跨域支持方法
     * CorsRegistry  开启跨域注册
     */
    public void addCorsMappings(CorsRegistry registry) {
        //addMapping 添加可跨域的请求地址
        registry.addMapping("/**")
                //设置跨域 域名权限 规定由某一个指定的域名+端口能访问跨域项目
                .allowedOrigins("*")
                //是否开启cookie跨域
                .allowCredentials(false)
                //规定能够跨域访问的方法类型
                .allowedMethods("GET","POST","DELETE","PUT","OPTIONS")
                //添加验证头信息  token
                //.allowedHeaders()
                //预检请求存活时间 在此期间不再次发送预检请求
                .maxAge(3600);
    }
}

Note: Don’t forget the @Configuration annotation, otherwise the configuration will be invalid! ! !

The above is the detailed content of How SpringBoot implements global and local cross-domain. For more information, please follow other related articles on the PHP Chinese website!