如何在Spring Boot Cors中设置标头?
[英]How do I set header in spring boot cors?
问题描述
I want to enable CORS in spring boot 2. I've done this as follows: 
我想在Spring Boot 2中启用CORS。我这样做如下:
@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("*")
.allowedHeaders("*");
}
}
This work fine in most requests, but in some special request I need to set Access-Control-Allow-Origin header in response. 在大多数请求中都可以正常工作,但是在某些特殊请求中,我需要设置Access-Control-Allow-Origin标头作为响应。 How can I do it ? 我该怎么办 ?
3 个解决方案
解决方案1
0 2018-08-27 12:27:17
There are many Ways to do this like using Filter or Interceptor or Aspects. 有许多方法可以做到这一点,例如使用“过滤器”或“拦截器”或“方面”。 You can also use WebFilter if you are using Spring 5. 如果使用Spring 5,也可以使用WebFilter。
One of the ways to do so is through Interceptors. 其中一种方法是通过拦截器。 Here is a rough code. 这是一个粗略的代码。
public class AccessControlInterceptor implements HandlerInterceptor {
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
if(somecondition) {
response.setHeader("Access-Control-Allow-Origin", "your_value");
}
}
}
And register this Interceptor with spring like this 并用这样的弹簧注册这个拦截器
@Configuration
public class MyConfig extends WebMvcConfigurerAdapter{
@Override
public void addInterceptors(InterceptorRegistry registry){
registry.addInterceptor(new AccessControlInterceptor ()).addPathPatterns("/**");
}
}
解决方案2
0 2018-08-27 12:30:33
From Spring documentation https://spring.io/guides/gs/rest-service-cors/ 从Spring文档https://spring.io/guides/gs/rest-service-cors/
Enabling CORS Controller method CORS configuration So that the RESTful web service will include CORS access control headers in its response, you just have to add a @CrossOrigin annotation to the handler method: 启用CORS控制器方法CORS配置 ,以便RESTful Web服务将在其响应中包括CORS访问控制标头,您只需向处理程序方法添加@CrossOrigin批注:
@RestController
public class GreetingController {
@CrossOrigin(origins = "http://localhost:9000")
@GetMapping("/greeting")
public Greeting greeting(@RequestParam(required=false, defaultValue="World") String name) {
System.out.println("==== in greeting ====");
return new Greeting(counter.incrementAndGet(),String.format(template, name));
}
This @CrossOrigin annotation enables cross-origin requests only for this specific method. 此@CrossOrigin批注仅针对此特定方法启用跨域请求。 By default, its allows all origins, all headers, the HTTP methods specified in the @RequestMapping annotation and a maxAge of 30 minutes is used. 默认情况下,它允许使用所有来源,所有标头,@ RequestMapping批注中指定的HTTP方法以及30分钟的maxAge。 You can customize this behavior by specifying the value of one of the annotation attributes: origins, methods, allowedHeaders, exposedHeaders, allowCredentials or maxAge. 您可以通过指定以下注释属性之一的值来自定义此行为:起点,方法,allowedHeaders,暴露的Headers,allowCredentials或maxAge。 In this example, we only allow http://localhost:9000 to send cross-origin requests. 在此示例中,我们仅允许http:// localhost:9000发送跨域请求。
it is also possible to add this annotation at controller class level as well, in order to enable CORS on all handler methods of this class. 也可以在控制器类级别添加此批注,以便在此类的所有处理程序方法上启用CORS。
解决方案3
0 2018-09-29 20:18:59
Currently you are setting Access-Control-Allow-Origin to * which is a wildcard and matches all origins. 当前,您正在将Access-Control-Allow-Origin为* ,这是一个通配符并匹配所有来源。
If your request contains credential related data, eg by setting XMLHttpRequest.withCredentials to true : 如果您的请求包含与凭据相关的数据,例如通过将XMLHttpRequest.withCredentials设置为true :
Access-Control-Allow-Originmustn't have the value*Access-Control-Allow-Origin不得具有值*An additional response header
Access-Control-Allow-Credentialswith the valuetrueis expected.期望值为true的附加响应标头Access-Control-Allow-Credentials。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.