重写WebMvcConfigurer#addCorsMappings()可以解决一部分跨域的问题,但是对于有些过滤器涉及到跨域,且拦截器位面较高的话,还是会出现一些跨域问题。
配置 CorsFilter 跨域过滤器,一劳永逸
CorsFilterRegistrationConfig
package site.yuyanjia.template.common.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import java.util.ArrayList;
import java.util.List;
@Configuration
@ConfigurationProperties(prefix = CorsFilterRegistrationConfig.PREFIX)
public class CorsFilterRegistrationConfig {
public static final String PREFIX = "yuyanjia.filter.cors";
private List allowedOriginList = new ArrayList<>();
private List allowedHeaderList = new ArrayList<>();
private List allowedMethodList = new ArrayList<>();
private List exposedHeaderList = new ArrayList<>();
private Boolean allowCredentials = true;
private Long maxAge = 3600L;
private String mapping = "";
@Bean
public FilterRegistrationBean CrosFilterRegistrationBean() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(allowedOriginList);
corsConfiguration.setAllowedHeaders(allowedHeaderList);
corsConfiguration.setAllowedMethods(allowedMethodList);
corsConfiguration.setExposedHeaders(exposedHeaderList);
corsConfiguration.setMaxAge(maxAge);
corsConfiguration.setAllowCredentials(allowCredentials);
UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
configurationSource.registerCorsConfiguration(mapping, corsConfiguration);
CorsFilter corsFilter = new CorsFilter(configurationSource);
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(corsFilter);
filterRegistrationBean.setOrder(0);
return filterRegistrationBean;
}
public List getAllowedOriginList() {
return allowedOriginList;
}
public void setAllowedOriginList(List allowedOriginList) {
this.allowedOriginList = allowedOriginList;
}
public List getAllowedHeaderList() {
return allowedHeaderList;
}
public void setAllowedHeaderList(List allowedHeaderList) {
this.allowedHeaderList = allowedHeaderList;
}
public List getAllowedMethodList() {
return allowedMethodList;
}
public void setAllowedMethodList(List allowedMethodList) {
this.allowedMethodList = allowedMethodList;
}
public List getExposedHeaderList() {
return exposedHeaderList;
}
public void setExposedHeaderList(List exposedHeaderList) {
this.exposedHeaderList = exposedHeaderList;
}
public Boolean getAllowCredentials() {
return allowCredentials;
}
public void setAllowCredentials(Boolean allowCredentials) {
this.allowCredentials = allowCredentials;
}
public Long getMaxAge() {
return maxAge;
}
public void setMaxAge(Long maxAge) {
this.maxAge = maxAge;
}
public String getMapping() {
return mapping;
}
public void setMapping(String mapping) {
this.mapping = mapping;
}
}
application.yml
yuyanjia:
filter:
cors:
allowed-origin-list:
- '*'
allowed-header-list:
- '*'
allowed-method-list:
- POST
- GET
exposed-header-list:
- access-control-allow-headers
- access-control-allow-methods
- access-control-allow-origin
- access-control-max-age
- X-Frame-Options
mapping: /website/**
推荐一些关于HTTP请求的相关资料,有助于了解跨域请求
![跨域失败 过滤器_shiro 和 跨域过滤器冲突[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)