1、第一步:新建CorsFilter,在过滤器中设置相关请求头package com.handlecar.basf_pmdb_service.filter;import org.springframework.web.filter.OncePerRequestFilter;
2、import javax.servlet.*;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import java.io.IOException;public class CorsFilter extends OncePerRequestFilter {
3、//public class CorsFilter implements Filter {// static final String ORIGIN = "Origin"; protected void doFilterInternal( HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {// String origin = request.getHeader(ORIGIN); response.setHeader("Access-Control-Allow-Origin", "*");//* or origin as u prefer
4、 response.setHeader("Access颍骈城茇-Control-Allow-Credentials", "true"); respo荏鱿胫协nse.setHeader("Access-Control-Allow-Methods", "PUT, POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600");// response.setHeader("Access-Control-Allow-Headers", "content-type, authorization"); response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With, Authorization"); response.setHeader("XDomainRequestAllowed","1"); //使前端能够获取到 response.setHeader("Access-Control-Expose-Headers","download-status,download-filename,download-message"); if (request.getMethod().equals("OPTIONS"))// response.setStatus(HttpServletResponse.SC_OK); response.setStatus(HttpServletResponse.SC_NO_CONTENT); else filterChain.doFilter(request, response); }
5、// @Override// public void doFilter(ServletRequest req, ServletRespo荏鱿胫协nse res,// FilterChain chain) throws IOException, ServletException {//// HttpServletResponse response = (HttpServletResponse) res;// //测试环境用【*】匹配,上生产环境后需要切换为实际的前端请求地址// response.setHeader("Access-Control-Allow-Origin", "*");// response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");//// response.setHeader("Access-Control-Max-Age", "0");//// response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With, auth");//// response.setHeader("Access-Control-Allow-Credentials", "true");!
