我知道我可以通过像这样的过滤器添加Cors支持:https://spring.io/guides/gs/rest-service-cors/。Spring 4.1 MVC是否支持Cors?
该指南在创建时,我不知道和以后的版本是否带有一个Cors内置的实现......
我知道我可以通过像这样的过滤器添加Cors支持:https://spring.io/guides/gs/rest-service-cors/。Spring 4.1 MVC是否支持Cors?
该指南在创建时,我不知道和以后的版本是否带有一个Cors内置的实现......
我不知道任何内置弹簧CORS过滤器,但F.E. apache有一个实现它(我怀疑JBOSS,Glassfish ......没有)。如果你使用Tomcat,把这个在你的web.xml:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,Authorization, X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
把params为您的喜好,不要忘了在客户端启用CORS为好。 此外,如果你使用Spring Security,确保SS filterChain是CorsFilter设置后(有时失败,没有的话)
希望这有助于,好运气
Spring框架4.1不仅具有内置的CORS支持SockJS和允许specify a list of allowed origins用于Websocket和SockJS。
一流的CORS支持从Spring Framework 4.2 GA开始提供。有关更多详细信息,请参阅this blog post。
public class CORSFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
// CORS "pre-flight" request
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
// response.addHeader("Access-Control-Allow-Headers", "Authorization");
response.addHeader("Access-Control-Allow-Headers", "Content-Type");
response.addHeader("Access-Control-Max-Age", "1");
}
filterChain.doFilter(request, response);
}
}
这添加到您的web.xml
<!-- Add this to your web.xml to enable "CORS" -->
<filter>
<filter-name>cors</filter-name>
<filter-class>tk.aalkhodiry.filters.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cors</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
为我工作...非常感谢! – 2015-12-05 16:36:48
为我工作,更喜欢Aalkhodiry的方式,但使用此。 – dzgeek 2017-07-02 14:51:28