参考博客:
https://my.oschina.net/wangnian/blog/689020
https://blog.csdn.net/java_green_hand0909/article/details/78740765
// 接受任意域名的请求 response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS"); response.setHeader("Access-Control-Allow-Headers", "*"); // 表示是否允许发送Cookie,默认情况下,Cookie不包括在CORS请求之中 response.setHeader("Access-Control-Allow-Credentials", "true"); // 指定本次预检请求的有效期,单位为秒 response.setHeader("Access-Control-Max-Age", "1728000");
W3C: https://www.w3.org/wiki/CORS_Enabled#What_is_CORS_about.3F