Spring Boot 跨域过滤器(过滤器跨域问题)

重写WebMvcConfigurer#addCorsMappings()可以解决一部分跨域的问题,但是对于有些过滤器涉及到跨域,且拦截器位面较高的话,还是会出现一些跨域问题。

配置 CorsFilter 跨域过滤器,一劳永逸

CorsFilterRegistrationConfig

package site.yuyanjia.template.common.config;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

import java.util.ArrayList;
import java.util.List;

/**
 * 跨域过滤器
 *
 * @author seer
 * @date 2018/6/29 10:09
 */
@Configuration
@ConfigurationProperties(prefix = CorsFilterRegistrationConfig.PREFIX)
public class CorsFilterRegistrationConfig {
    public static final String PREFIX = "yuyanjia.filter.cors";

    /**
     * 允许跨域地址
     * 允许所有:*
     */
    private List allowedOriginList = new ArrayList<>();

    /**
     * 允许请求头信息
     * 允许所有:*
     */
    private List allowedHeaderList = new ArrayList<>();

    /**
     * 允许请求信息
     * 允许所有:*
     */
    private List allowedMethodList = new ArrayList<>();

    /**
     * 允许暴露信息
     */
    private List exposedHeaderList = new ArrayList<>();

    /**
     * 允许证书
     */
    private Boolean allowCredentials = true;


    /**
     * 缓存时间
     */
    private Long maxAge = 3600L;

    /**
     * 过滤地址
     */
    private String mapping = "";

    /**
     * 跨域过滤器
     *
     * @return
     */
    @Bean
    public FilterRegistrationBean CrosFilterRegistrationBean() {

        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowedOrigins(allowedOriginList);
        corsConfiguration.setAllowedHeaders(allowedHeaderList);
        corsConfiguration.setAllowedMethods(allowedMethodList);
        corsConfiguration.setExposedHeaders(exposedHeaderList);
        corsConfiguration.setMaxAge(maxAge);
        corsConfiguration.setAllowCredentials(allowCredentials);

        UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
        configurationSource.registerCorsConfiguration(mapping, corsConfiguration);

        CorsFilter corsFilter = new CorsFilter(configurationSource);

        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(corsFilter);
        filterRegistrationBean.setOrder(0);
        return filterRegistrationBean;
    }

    public List getAllowedOriginList() {
        return allowedOriginList;
    }

    public void setAllowedOriginList(List allowedOriginList) {
        this.allowedOriginList = allowedOriginList;
    }

    public List getAllowedHeaderList() {
        return allowedHeaderList;
    }

    public void setAllowedHeaderList(List allowedHeaderList) {
        this.allowedHeaderList = allowedHeaderList;
    }

    public List getAllowedMethodList() {
        return allowedMethodList;
    }

    public void setAllowedMethodList(List allowedMethodList) {
        this.allowedMethodList = allowedMethodList;
    }

    public List getExposedHeaderList() {
        return exposedHeaderList;
    }

    public void setExposedHeaderList(List exposedHeaderList) {
        this.exposedHeaderList = exposedHeaderList;
    }

    public Boolean getAllowCredentials() {
        return allowCredentials;
    }

    public void setAllowCredentials(Boolean allowCredentials) {
        this.allowCredentials = allowCredentials;
    }

    public Long getMaxAge() {
        return maxAge;
    }

    public void setMaxAge(Long maxAge) {
        this.maxAge = maxAge;
    }

    public String getMapping() {
        return mapping;
    }

    public void setMapping(String mapping) {
        this.mapping = mapping;
    }
}

application.yml

yuyanjia:
  filter:
    cors:
      allowed-origin-list:
       - '*'
      allowed-header-list:
       - '*'
      allowed-method-list:
       - POST
       - GET
      exposed-header-list:
       - access-control-allow-headers
       - access-control-allow-methods
       - access-control-allow-origin
       - access-control-max-age
       - X-Frame-Options
      mapping: /website/**

推荐一些关于HTTP请求的相关资料,有助于了解跨域请求

Access-Control-Allow-Origin 这个里有跨域相关属性设置的一切概念解释
前端 | 浅谈preflight request
HTTP响应头和请求头信息对照表
四种常见的 POST 提交数据方式对应的content-type取值 Spring Boot 会根据 Content-type 确定 HttpMessageConverter

你可能感兴趣的:(Spring Boot 跨域过滤器(过滤器跨域问题))