*
tomcat 解决跨域,
1,据说tomcat7.0.40以上才有自带的CrosFilter,在WEB-INF/web.xml中配置即可:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,yourdefinedname</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
2,tomcat7.0.40以下解决跨域,web.xml中
<filter> <filter-name>CorsFilter</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, POST, HEAD, PUT, DELETE</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposedHeaders</param-name> <param-value>Set-Cookie</param-value> </init-param> <init-param> <param-name>cors.supportsCredentials</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
,需要引入两个包,如果是用maven,则pom.xml中可以加上下面这句,保存后自动会下载:
<dependency> <groupId>com.thetransactioncompany</groupId> <artifactId>cors-filter</artifactId> <version>1.7</version> <scope>runtime</scope> </dependency>
maven仓库下载地址可以这样配置,{maven_home}/conf/settings.xml:
<mirror> <id>sensordata</id> <mirrorOf>central</mirrorOf> <name>Human Readable Name for this Mirror.</name> <url>http://central.maven.org/maven2/</url> </mirror> <mirror> <id>repo2</id> <mirrorOf>central</mirrorOf> <name>Human Readable Name for this Mirror.</name> <url>http://repo2.maven.org/maven2/</url> </mirror> <mirror> <id>ibiblio1</id> <mirrorOf>central</mirrorOf> <name>Human Readable Name for this Mirror.</name> <url>http://mirrors.ibiblio.org/maven2/</url> </mirror> <mirror> <id>alimaven</id> <name>aliyun maven</name> <url>http://maven.aliyun.com/nexus/content/groups/public/</url> <mirrorOf>central</mirrorOf> </mirror> </mirrors>
3,也可以自定义跨域过滤器,这个应该不针对tomcat版本
第一步,写一个类 CrosFilter.java
import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; public class CrosFilter implements Filter{ @Override public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse) response; res.setContentType("text/html;charset=UTF-8"); res.setHeader("Access-Control-Allow-Origin", "*"); res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); res.setHeader("Access-Control-Max-Age", "0"); res.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type"); res.setHeader("Access-Control-Allow-Credentials", "true"); res.setHeader("XDomainRequestAllowed","1"); chain.doFilter(request, response); } @Override public void destroy() { // TODO Auto-generated method stub } }
第二步,在web.xml中配置过滤器
<filter> <filter-name>cros</filter-name> <filter-class>com.zlfund.openapi.webserver.filter.CrosFilter</filter-class> </filter> <filter-mapping> <filter-name>cros</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
*********
这几种都可以解决,但是公司预生产就一直存在 跨域,原来它还经过了 nginx,在那里也要配置
server {
listen 443;
server_name myapi.com;
access_log /var/log/nginx/myapiaccess.log myapi_access;
error_log /var/log/nginx/myapierror.log;
more_set_headers "Access-Control-Allow-Origin: $http_origin";
# more_set_headers "Access-Control-Allow-Credentials : true";
# more_set_headers "Access-Control-Allow-Methods: GET,POST,HEAD,OPTIONS,PUT";
# more_set_headers "Access-Control-Expose-Headers: Access-Control-Allow-Headers,Access-Control-Allow-Origin,Access-Control-Allow-Credentials";
# more_set_headers "Access-Control-Allow-Headers: retdatatype,content-type,access-control-request-headers,accept,access-control-request-method,origin,x-requested-with";
more_set_headers "Access-Control-Allow-Headers: retdatatype,content-type";
使用的是 https://myapi.com 访问,所以在443 这里配置
*