服务端结合客户端JS解决跨域问题

DogJay 2019-01-25 后端技术 513人已围观

上一篇文章:[ CROS实现跨域时授权问题](https://www.bossding.com.cn/article/2925.html)主要讲了服务端结局跨域问题,而本文主要讲解了继续讲解服务端解决跨域问题 服务器端解决跨域请求问题,拦截请求并重新设置响应头 服务器端拦截器 ```Java package com.silence.util; import java.io.IOException; import java.text.SimpleDateFormat; import java.util.Date; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class CrossOriginFilter implements Filter { private String allowDomain = ""; private static final Logger logger = LoggerFactory.getLogger(CrossOriginFilter.class); public void init(FilterConfig filterConfig) throws ServletException { allowDomain = filterConfig.getInitParameter("domain"); } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { logger.info("CrossOriginFilter 跨域请求拦截 " + new SimpleDateFormat("YYYY-DD-MM").format(new Date())); HttpServletResponse httpResponse = (HttpServletResponse) response; setAccessControl(httpResponse); chain.doFilter(request, response); } public void destroy() { } /** *在某域名下使用Ajax向另一个域名下的页面请求数据,会遇到跨域问题。另一个域名必须在response中添加 *Access-Control-Allow-Origin 的header,才能让前者成功拿到数据。 *只有当目标页面的response中,包含了 Access-Control-Allow-Origin 这个header,并且它的值里有我们自己的域名时, *浏览器才允许我们拿到它页面的数据进行下一步处理。 *如果它的值设为 * ,则表示谁都可以用 */ private void setAccessControl(HttpServletResponse response) { response.setHeader("Access-Control-Allow-Origin", allowDomain); response.setHeader("Access-Control-Allow-Credentials", "true"); String headers = "Origin, Accept-Language, Accept-Encoding,X-Forwarded-For, Connection, Accept, User-Agent, Host, Referer,Cookie, Content-Type, Cache-Control"; response.setHeader("Access-Control-Allow-Headers", headers); response.setHeader("Access-Control-Request-Method", "GET,POST"); } } ``` 在web.xml中配置 CrossOriginFilter com.silence.util.CrossOriginFilter domain * CrossOriginFilter /* 默认拦截所有的请求,允许来自任何链接的请求

吐槽(0)

上一篇:搞死我五天的SQL

下一篇:栈(Stack)

文章评论

    共有0条评论

    验证码:

文章目录