從后端解決 · Java后端框架Ⅲ

參考：https://cloud.tencent.com/developer/article/1668879 課件代碼：https://gitee.com/flymini/codes02/tree/master/cors_/com-learn-cors01 **** 從后端解決跨域訪問，總結如下幾種解決方案，采用其中任意一種即可。 **1. 在 controller 層采用注解`@CrossOrigin`** ```java @RestController @CrossOrigin //將注解用在類上或方法上 public class VideoController { @PostMapping(value = "/demo") public Json demo(HttpServletRequest request, HttpServletResponse response) { System.out.println("...demo..."); } } ``` **2. 實現方法`addCorsMappings`** ```java @Configuration public class DemoConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") //允許訪問 /** .allowedOrigins("*") //允許跨域訪問 .allowedMethods("GET", "POST") //允許以GET、POST方法訪問 .allowedHeaders("*") //允許任意請求頭訪問 .allowCredentials(true); } } ``` **3. 在過濾器中配置允許跨域訪問** ```java @Component @WebFilter public class CorsFilter implements Filter { @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); chain.doFilter(req, res); } } ``` **4. 在攔截器中配置允許跨域訪問** （1）實現攔截器接口。 ```java @Component public class CustomHandlerInterceptorAdapter extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); return true; } } ``` （2）注冊攔截器到環境中。 ```java @Configuration public class CustomWebMvcConfigurer implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new CustomHandlerInterceptorAdapter()); } } ``` **5. 通過網關訪問** 允許跨域訪問網關，然后由網關去訪問想要的服務。 ```yml spring: cloud: gateway: globalcors: cors-configurations: '[/**]': allow-credentials: true #允許跨域的源(網站域名/ip)，設置*為全部 allowed-origins: - "http://xb.abc.com" - "http://sf.xx.com" allowed-headers: "*" #允許跨域的method，默認為GET和OPTIONS，設置*為全部 allowed-methods: - OPTIONS - GET - POST - DELETE - PUT - PATCH max-age: 3600 ``` >[warning]注意：通過 gateway 轉發的其他項目，不要再進行跨域配置。