做自媒体可利用的国外网站,正确的企业邮箱格式,网站建设的竞争力,自己可以创建网站吗1、跨域问题#xff1a; 按照网上所有的方法试了一遍#xff0c;都没跨过去#xff0c;正在无助之际#xff0c;使用filter按照下面的方法解决的时候出现了转机#xff1a; 添加filter#xff1a; package com.thc.bpm.filter;import javax.servlet.*;
import javax.serv…1、跨域问题 按照网上所有的方法试了一遍都没跨过去正在无助之际使用filter按照下面的方法解决的时候出现了转机 添加filter package com.thc.bpm.filter;import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException; public class CorsFilter implements Filter { Override public void init(FilterConfig filterConfig) throws ServletException { } Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response (HttpServletResponse) servletResponse; HttpServletRequest request (HttpServletRequest)servletRequest; String origin request.getHeader(Origin); response.setHeader(Access-Control-Allow-Origin, origin); response.setHeader(Access-Control-Allow-Methods, POST, GET, OPTIONS, DELETE); response.setHeader(Access-Control-Max-Age, 3600); response.setHeader(Access-Control-Allow-Headers, Authentication); response.setHeader(Access-Control-Allow-Credentials, true); String method request.getMethod(); if(method.equalsIgnoreCase(OPTIONS)){ servletResponse.getOutputStream().write(Success.getBytes(utf-8)); }else{ filterChain.doFilter(servletRequest, servletResponse); } } Override public void destroy() { } } 在web.xml配置田间上面的过滤器 filterfilter-namecorsFilter/filter-name filter-classcom.thc.bpm.filter.CorsFilter/filter-class /filter filter-mapping filter-namecorsFilter/filter-name url-pattern/*/url-pattern /filter-mapping 测试的时候发现报错不一样了主要是这句话Request header field x-access-token is not allowed by Access-Control-Allow-Headers in preflight response大致翻译下意思是请求头中有个字段“x-access-token”这个字段不被预运行响应中的Access-Control-Allow-Headers所允许。我忽然想到我们的token就是放在x-access-token这个字段中而过滤器中相关设置为 response.setHeader(Access-Control-Allow-Headers, Authentication); 那就把Authentication换成x-access-token试试 response.setHeader(Access-Control-Allow-Headers, x-access-token); 再测试一次 2、总结cors常见的header Access-Control-Allow-Origin: http://foo.orgAccess-Control-Max-Age: 3628800Access-Control-Allow-Methods: GETPUT, DELETEAccess-Control-Allow-Headers: content-type Access-Control-Allow-Origin表明它允许http://foo.org发起跨域请求Access-Control-Max-Age表明在3628800秒内不需要再发送预检验请求可以缓存该结果Access-Control-Allow-Methods表明它允许GET、PUT、DELETE的外域请求Access-Control-Allow-Headers表明它允许跨域请求包含content-type头 预检请求用的方法是OPTIONS表示这个请求是用来询问的。关键字段是Origin表示请求来自哪个源。除了Origin之外还有两个特殊字段Access-Control-Request-Method:该字段是必须的用来列出CORS请求会用到那些方法。Access-Control-Request-Headers:该字段是一个逗号分隔的字符串指定浏览器CORS请求会额外发送的头信息字段。转载于:https://www.cnblogs.com/jiqiyoudu/p/10974810.html
