SSM跨域拦截设置

 1 package com.donleo.ssm.filter;
 2 
 3 import javax.servlet.*;
 4 import javax.servlet.http.HttpServletRequest;
 5 import javax.servlet.http.HttpServletResponse;
 6 import java.io.IOException;
 7 
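/**
 * Servlet filter that adds CORS response headers when the {@code IsCross}
 * init parameter is {@code "true"}.
 *
 * <p>Credentialed cross-origin access (cookies, {@code Authorization}) is granted
 * only to origins listed in the optional {@code AllowedOrigins} init parameter,
 * a comma-separated list of exact origins (constructed example:
 * {@code http://localhost:8058}). Every other caller receives the wildcard
 * origin without {@code Access-Control-Allow-Credentials}.
 *
 * @author liangd
 * date 2020-11-17 17:05
 * code cross-origin (CORS) settings
 */
public class CrossDomainFilter implements Filter {
    /** Whether CORS headers are written at all; set from the "IsCross" init parameter. */
    private boolean isCross = false;

    /** Origins trusted for credentialed requests; empty when "AllowedOrigins" is not configured. */
    private String[] allowedOrigins = new String[0];

    /** Resets the filter to its disabled state. */
    @Override
    public void destroy() {
        isCross = false;
        allowedOrigins = new String[0];
    }

    /**
     * Adds the CORS headers (when enabled) and then continues the filter chain.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @param chain    the remaining filter chain, always invoked
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Guard the casts so a non-HTTP request passes through instead of throwing ClassCastException.
        if (isCross && request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            System.out.println("拦截请求: " + httpServletRequest.getServletPath());

            String origin = httpServletRequest.getHeader("Origin");
            if (isAllowedOrigin(origin)) {
                // Echo the origin only after an exact allowlist match. Reflecting whatever
                // Origin the caller sent, together with Allow-Credentials, would let any
                // website read responses using the visitor's cookies.
                httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
                httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
            } else {
                // Browsers reject "*" combined with Allow-Credentials: true, so the
                // wildcard is sent alone and only serves non-credentialed requests.
                httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
            }
            if (allowedOrigins.length > 0) {
                // The response now depends on the Origin header; keep caches from mixing variants.
                httpServletResponse.addHeader("Vary", "Origin");
            }

            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            httpServletResponse.setHeader("Access-Control-Max-Age", "0");
            // "Authorization" is listed because the page's Ajax client sends that header;
            // without it the browser's preflight check fails.
            httpServletResponse.setHeader("Access-Control-Allow-Headers",
                    "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token,Authorization");
            httpServletResponse.setHeader("XDomainRequestAllowed", "1");
        }
        chain.doFilter(request, response);
    }

    /**
     * Reads the filter configuration.
     *
     * @param filterConfig supplies "IsCross" (enables the filter when "true") and the
     *                     optional "AllowedOrigins" (comma-separated trusted origins)
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String isCrossStr = filterConfig.getInitParameter("IsCross");
        // Constant-first comparison: a missing init parameter disables the filter instead of throwing NPE.
        isCross = "true".equals(isCrossStr);
        allowedOrigins = parseOrigins(filterConfig.getInitParameter("AllowedOrigins"));
        System.out.println(isCrossStr);
    }

    /** Returns true when {@code origin} exactly matches a configured trusted origin. */
    private boolean isAllowedOrigin(String origin) {
        if (origin == null) {
            return false;
        }
        for (String allowed : allowedOrigins) {
            if (allowed.equals(origin)) {
                return true;
            }
        }
        return false;
    }

    /** Splits a comma-separated origin list, dropping blanks and entries that must never be trusted. */
    private static String[] parseOrigins(String configured) {
        if (configured == null) {
            return new String[0];
        }
        String[] parts = configured.split(",");
        int count = 0;
        for (String part : parts) {
            String candidate = part.trim();
            // "*" and "null" are not real origins; trusting them with credentials defeats the allowlist.
            if (!candidate.isEmpty() && !"*".equals(candidate) && !"null".equals(candidate)) {
                parts[count++] = candidate;
            }
        }
        String[] result = new String[count];
        System.arraycopy(parts, 0, result, 0, count);
        return result;
    }
}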
  • 如果前端设了允许跨域携带cookie,服务器可能会报错:需要指定一个具体的请求源(带凭证的请求下,浏览器不接受 Access-Control-Allow-Origin 为 * 的响应),
  • httpServletRequest.getHeader("Origin") 方法直接获取请求源的地址;
  • 例如,发送请求的地址是:localhost:8058,那么httpServletRequest.getHeader("Origin")就会获得localhost:8058
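  • 意思就是:谁来请求我,我就允许谁请求。注意:Origin 请求头由请求方提供,若不加校验地回显并同时返回 Access-Control-Allow-Credentials: true,任何网站都可以携带用户的cookie读取接口响应;应先把 Origin 与服务端配置的可信来源白名单做精确比对,匹配后再回显。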

前端Ajax发送请求

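/**
 * Send a JSON Ajax request to the backend and pass the response to `callback`.
 *
 * Relies on names defined elsewhere on the page: the base address `URL`,
 * the jQuery cookie plugin (`$.cookie`) and `AssertToken`.
 *
 * @param {string}   url      Path appended to the base address `URL`.
 * @param {*}        data     Request payload, handed to $.ajax unchanged.
 * @param {string}   type     HTTP method.
 * @param {function} callback Invoked with the response after AssertToken(res).
 */
function MyAjax(url, data, type, callback) {
    // Read the token once. Because script can read this cookie it is not HttpOnly,
    // so any script injected into the page can read it as well.
    const token = $.cookie("token");
    $.ajax({
        url: URL + url,
        type: type,
        contentType: "application/json; charset=utf-8",
        headers: {
            // Not a CORS-safelisted header: the browser sends a preflight, and the
            // server must name Authorization in Access-Control-Allow-Headers.
            "Authorization": token
        },
        dataType: "json",
        data: data,
        xhrFields: {
            // Send cookies cross-origin. The browser exposes the response only when the
            // server answers with a specific origin (not "*") and Allow-Credentials: true.
            withCredentials: true
        },
        success: function (res) {
            AssertToken(res);
            callback(res);
        },
        error: function (err) {
            // Report the failure instead of dropping it; the token is deliberately not logged.
            console.error("MyAjax request failed:", type, url, err && err.status);
        }
    });
}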
作者:donleo123
原文地址:https://www.cnblogs.com/donleo123/p/14068609.html