如何“轻松”配置 Spring MVC,以便对我应用程序中任何 API 的每个请求都返回神奇的 CORS 标头?
例如,使用@ControllerAdvice 或使用常见的 AOP 建议。
【问题讨论】:
标签: java http spring-mvc cors
我通过以下步骤解决:
<dependency> <groupId>com.thetransactioncompany</groupId> <artifactId>cors-filter</artifactId> <version>2.2.1</version> </dependency>
在 web.xml 中添加这个参数
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
【讨论】:
其中一种方法是使用 Interceptor 类,如下所示:
让我们为所有 URL 设置拦截器方法,如下所示:
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
request.setHeader(HttpHeaders.CONTENT_TYPE, "application/jsonp");
//OR
response.addHeader(HttpHeaders.CONTENT_TYPE, "application/jsonp");
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
}
我们只需要配置拦截器来满足 Controller 方法的需要。
JSONP 是 CORS 通信的首选格式之一。
【讨论】: