1.控制台报错
Access to XMLHttpRequest at 'http://ip:9999/tradeSale/detail?id=6' from origin 'http://ip:8081' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
2.WebConfig
import com.oigcn.association.common.WebInterceptor; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.*; @Configuration public class WebConfig implements WebMvcConfigurer { @Value("${file.linux.path}") private String path; /** * 拦截器 * @param registry */ @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new WebInterceptor()) .addPathPatterns("/**") .excludePathPatterns("/login/**") .excludePathPatterns("/images/**") .excludePathPatterns("/**/page"); } /** * 跨域支持 * @param registry */ @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowCredentials(true) .allowedHeaders("*") .allowedOrigins("*") .allowedMethods("*") .maxAge(3600); } /** * 文件上传 * @param registry */ @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler(path + "**").addResourceLocations("file:" + path); } }
3.WebInterceptor
import com.auth0.jwt.interfaces.DecodedJWT; import com.oigcn.association.utils.TokenUtil; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang.StringUtils; import org.springframework.web.servlet.HandlerInterceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @Slf4j public class WebInterceptor implements HandlerInterceptor { /** * 拦截token * @param request * @param response * @param handler * @return * @throws Exception */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws AuthException { //加上这段话 String method = request.getMethod(); if(method.equalsIgnoreCase("OPTIONS")){ return true; } String token = request.getHeader("token"); if(StringUtils.isBlank(token)){ log.error("未授权url={}",request.getRequestURI()); throw new AuthException("未授权"); } DecodedJWT jwt = TokenUtil.verify(token); if(jwt != null){ long uid = jwt.getClaim("uid").asLong(); if(uid > 0){ return true; } }else{ throw new AuthException("未授权"); } return false; } }
4.总结
浏览器在发送请求时会默认先发送一次类型为’OPTIONS’且不带任何参数的请求,请求成功后才会发送真正的POST或者GET请求,而在后台拦截器中通常只处理了POST或者get类型的请求,而没有对OPTIONS类型的请求做处理,因此前端发送的预检请求无法通过后端的拦截器,导致真正的POST(GET)请求无法发送,要么在前端过滤掉OPTIONS,要么在后台直接返回