对于前后端分离的项目,在开发阶段经常会遇到跨域的问题。
1.首先,对于后台的处理方式,第一种是用 @CrossOrigin 注解,@crossorigin是后端SpringMVC框架(需4.2版本以上)Controller层的一个注解,这个注解是用在控制器方法上的,但这种方式不能做到统一跨域处理
@CrossOrigin(origins = "http://localhost:3000")
@RequestMapping(method = RequestMethod.GET)
List<User> getList() {
return Lists.newArrayList(userdb.asMap().values());
}
2. 第二种方式是 构建一个拦截器
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component; public class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request= (HttpServletRequest)req;
response.setHeader("Access-Control-Allow-Credentials","true");//允许跨域加载
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");//ajax请求
chain.doFilter(req, res);
} public void init(FilterConfig filterConfig) {
} public void destroy() {} }
3.当然,前端ajax请求时,也可以做相应的处理,关键代码 crossDomain: true, xhrFields: { withCredentials: true }
$.ajax({
type: "POST",
url: window.ServiceUrl+"/custom/clientLogin",
crossDomain: true,
xhrFields: { withCredentials: true },
data: {username:loginName,password:password},
dataType : "json",
success: function(respMsg){
//正常操作
},
error:function(){
//异常操作
}
});
4.如果上述方法都不行,可以检查一下cookie的domain和path属性:这里引用一下大佬的章
https://blog.****.net/zhouziyu2011/article/details/61200943