spring cloud implements a front end cross domain problem solution
- 2020-12-26 05:39:46
- OfStack
When we need to provide services from spring boot as an restful interface, if the architecture is separated from the front end, then there is a cross-domain problem. How to solve the cross-domain problem is discussed below.
Solution 1: Add the @CrossOrigin annotation to Controller
The usage is as follows:
@CrossOrigin // Annotation way
@RestController
public class HandlerScanController {
@CrossOrigin(allowCredentials="true", allowedHeaders="*", methods={RequestMethod.GET,
RequestMethod.POST, RequestMethod.DELETE, RequestMethod.OPTIONS,
RequestMethod.HEAD, RequestMethod.PUT, RequestMethod.PATCH}, origins="*")
@PostMapping("/confirm")
public Response handler(@RequestBody Request json){
return null;
}
}
Solution 2: Global configuration
The code is as follows:
@Configuration
public class MyConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowCredentials(true)
.allowedMethods("GET");
}
};
}
}
Solution 3: Use with Filter
Add 1 CorsFilter to the main class of spring boot
/**
*
* attention: Simple cross domain is GET . HEAD and POST Request, but POST The request of "Content-Type" Can only be application/x-www-form-urlencoded, multipart/form-data or text/plain
* Conversely, it is non-simple cross-domain, which has 1 A pre-check mechanism, to put it bluntly, would send two requests, 1 time OPTIONS The request, 1 This is a real request
*/
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // allow cookies Cross domain
config.addAllowedOrigin("*");// # Allowed to submit a request to this server URI . * Represents all allowed in SpringMVC If I set theta to zero * Is automatically converted to the current request header Origin
config.addAllowedHeader("*");// # Allowed access to the header information ,* All said
config.setMaxAge(18000L);// The cache time of the precheck request (in seconds), during which the same cross-domain request will not be prechecked
config.addAllowedMethod("OPTIONS");// A method that allows you to submit a request, * All allowed
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");// allow Get Request method of
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
Of course, if there are many microservices, you need to add this code to the main class of each service, which violates the DRY principle. It would be better to solve the cross-domain problem in the GATEWAY layer of zuul, once and for all.
For more information about the front cross domain, please refer to: https: / / www ofstack. com article / 83093. htm