Solution of springboot setting CorsFilter cross domain ineffectiveness
- 2021-12-12 08:27:21
- OfStack
Setting the resolution of CorsFilter cross-domain ineffectiveness
Problem description
The front-end development project of the company encountered cross-domain problems during local debugging. My colleague adjusted my service 1 to prompt cross-domain problems directly, and then the front-end nb did cross-domain processing, similar to nginx, but I went to Baidu for a look and found a solution in a big blog.
The reason for the problem is that the filter written to judge the login affects the login, and the reason is that the execution sequence of filter is caused before corsfilter, so the configuration file of cross-domain setting under 1 is modified
Solutions
/**
* Use CORS , used to solve the problem ajax Cross-domain access problem
*/
@Configuration
public class GlobalCorsConfig {
@Bean
public FilterRegistrationBean corsFilter() {
//1. Add CORS Configuration information
CorsConfiguration config = new CorsConfiguration();
//1) Allowed domains , Don't write * Otherwise cookie You can't use it
//config.addAllowedOrigin("http://manage.leyou.com");
//config.addAllowedOrigin("http://www.leyou.com");
config.addAllowedOrigin("*");
//2) Whether to send Cookie Information
config.setAllowCredentials(true);
//3) Allowed request methods
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
config.setMaxAge(3600L);
// 4 ) Allowed header information
config.addAllowedHeader("*");
//2. To add a mapping path, we intercept 1 Cut request
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration("/**", config);
//3. Returns the new CorsFilter.
//return new CorsFilter(configSource);
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(configSource));
bean.setOrder(0);
return bean;
}
}
Why cross-domain configuration CorsFilter does not take effect
When you have more than one Filter in your project, you need to set the order in which the filters are executed through the @ Order (Ordered.HIGHEST_PRECEDENCE) annotation
Rules of order
1. The smaller the value of order, the higher the priority
2. If order is not numbered, it defaults to the lowest priority because its default value is the int maximum value
3. This annotation is equivalent to the getOrder method that implements the Ordered interface and returns a number.
If cross-domain is set by using the following commented-out method, the front end will prompt cross-domain when return goes out directly in doFilter () method of Filter
Because this CorsConfig does not implement Filter interface, it will not take effect even if @ Order annotation is added. It is necessary to return a new FilterRegistrationBean in the following new way and set order
import com.nanase.takeshi.constants.JwtConstant;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
/**
* CorsConfig
* Cross-domain request configuration
*
* @author 725
* @date 2020/12/10 18:17
*/
@Slf4j
@Configuration
public class CorsConfig {
private CorsConfiguration buildConfig() {
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 1 Set the access source address
corsConfiguration.addAllowedOrigin("*");
// 2 Set the access source request header
corsConfiguration.addAllowedHeader("*");
// 3 Set the method of accessing the source request
corsConfiguration.addAllowedMethod("*");
// 4 What header information is exposed
corsConfiguration.addExposedHeader(JwtConstant.HEADER);
return corsConfiguration;
}
/**
@Bean
public CorsFilter corsFilter() {
log.info(" Cross-domain settings. . . . ");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// Configure cross-domain settings for interfaces
source.registerCorsConfiguration("/**", buildConfig());
return new CorsFilter(source);
}
*/
@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
log.info(" Cross-domain settings. . . . ");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// 5 Configure cross-domain settings for interfaces
source.registerCorsConfiguration("/**", buildConfig());
// There are multiple filter When the setting here is changed CorsFilter Priority execution order of
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
}