官方解决方案:https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
1.注解方式 (@CrossOrigin也可以放到类上)
@RestController
@RequestMapping("/account")
public class AccountController {
@CrossOrigin
@GetMapping("/{id}")
public Account retrieve(@PathVariable Long id) {
// ...
}
@DeleteMapping("/{id}")
public void remove(@PathVariable Long id) {
// ...
}
}
2.全局配置方式 (Global CORS configuration)
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**");
}
}
以上几种方式有可能会和自己的拦截器有冲突,所以官方提供了过滤器的解决方案
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
@Autowired
private AuthInterceptor authInterceptor;
@Autowired
private LimitingInterceptor limitingInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
/* 鉴权拦截器 */
registry.addInterceptor(authInterceptor).order(1).addPathPatterns("/toShortUrl", "/batchToShortUrl", "/test");
/* 限流拦截器 */
registry.addInterceptor(limitingInterceptor).order(2).addPathPatterns("/toShortUrl", "/batchToShortUrl", "/test");
}
}
上面的拦截器配置方式因为优先级设置的过高(order(1)),但是因为业务需要不能更改,但是上面的跨域解决方式实际上也是使用拦截器实现的,官方实现如下:
所以可以使用下面方式来解决跨域问题
@Configuration
public class MyConfiguration {
@Bean
public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
bean.setOrder(0);
return bean;
}
}
注意:请求时的参数Origin不能为null,以下测试方式时Origin就会为Null