It is due to the same-origin policy restrictions of the browser. Same origin policy (Same origin policy) is a convention. It is the core and most basic security function of the browser. If the same origin policy is missing, the normal functions of the browser may be affected. The Web is built based on the same-origin policy, and the browser is just a way to implement the same-origin policy.
In JavaScript, the same-origin policy will limit interactions between different domains and prevent cross-domain attacks. The so-called same origin (that is, in the same domain) means that the two pages have the same protocol, host and port
When any one of the protocol, domain name, and port of a request URL is different from the current page URL, it is cross-domain
Unable to read Cookie, LocalStorage and IndexedDB of non-homogeneous web pages
Unable to access the DOM of non-homologous web pages
Unable to send AJAX requests to non-original addresses
For CORS cross-domain requests, There are mainly the following methods to choose from:
Return new CorsFilter
Rewrite WebMvcConfigurer
Use the annotation @CrossOrigin
Manually set the response header (HttpServletResponse)
@Configuration public class GlobalCorsConfig { @Bean public CorsFilter corsFilter() { //1. 添加 CORS配置信息 CorsConfiguration config = new CorsConfiguration(); //放行哪些原始域 config.addAllowedOrigin("*"); //是否发送 Cookie config.setAllowCredentials(true); //放行哪些请求方式 config.addAllowedMethod("*"); //放行哪些原始请求头部信息 config.addAllowedHeader("*"); //暴露哪些头部信息 config.addExposedHeader("*"); //2. 添加映射路径 UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource(); corsConfigurationSource.registerCorsConfiguration("/**",config); //3. 返回新的CorsFilter return new CorsFilter(corsConfigurationSource); } }2. Override WebMvcConfigurer (global cross-domain)
@Configuration public class CorsConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") //是否发送Cookie .allowCredentials(true) //放行哪些原始域 .allowedOrigins("*") .allowedMethods(new String[]{"GET", "POST", "PUT", "DELETE"}) .allowedHeaders("*") .exposedHeaders("*"); } }
@RestController @CrossOrigin(origins = "*") public class HelloController { @RequestMapping("/hello") public String hello() { return "hello world"; } }Use the annotation @CrossOrigin on the method:
@RequestMapping("/hello") @CrossOrigin(origins = "*") //@CrossOrigin(value = "http://localhost:8081") //指定具体ip允许跨域 public String hello() { return "hello world"; }4. Manually set the response header (local cross-domain)Use the HttpServletResponse object to add the response header (Access-Control- Allow-Origin) to authorize the original domain. The value of Origin here can also be set to "*", indicating that all permissions are allowed.
@RequestMapping("/index") public String index(HttpServletResponse response) { response.addHeader("Access-Allow-Control-Origin","*"); return "index"; }5. Use custom filter to achieve cross-domain First write a filter, which can be named MyCorsFilter.java
package com.mesnac.aop; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; @Component public class MyCorsFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) {} public void destroy() {} }Configure this filter in web.xml device to make it effective
<!-- 跨域访问 START--> <filter> <filter-name>CorsFilter</filter-name> <filter-class>com.mesnac.aop.MyCorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 跨域访问 END -->
The above is the detailed content of What are the ways Spring Boot implements cross-domain implementation?. For more information, please follow other related articles on the PHP Chinese website!