跨域配置

SpringBoot跨域配置

我们的后端使用Spring Boot。Spring Boot跨域非常简单,只需书写以下代码即可。

@Configuration
public class CustomCORSConfiguration {
  private CorsConfiguration buildConfig() {
    CorsConfiguration corsConfiguration = new CorsConfiguration();
    corsConfiguration.addAllowedOrigin("*");
    corsConfiguration.addAllowedHeader("*");
    corsConfiguration.addAllowedMethod("*");
    return corsConfiguration;
  }
  @Bean
  public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", buildConfig());
    return new CorsFilter(source);
  }
}

Nginx跨域配置

某天,我们将Spring Boot应用用Nginx反向代理。而前端跨域请求的需求不减,于是乎。

Nginx跨域也比较简单,只需添加以下配置即可。

location / {
    proxy_pass http://localhost:8080;
    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Token';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
    }
    if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Token';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Token';
    }
    if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Token';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Token';
    }
}

其中: add_header ‘Access-Control-Expose-Headers‘ 务必加上你请求时所带的header。例如本例中的“Token”,其实是前端传给后端过来的。如果记不得也没有关系,浏览器的调试器会有详细说明。

参考文档:https://enable-cors.org/server_nginx.html

B.T.W,阿里云中文档描述到Nginx也可通过crossdomain.xml配置文件跨域:https://helpcdn.aliyun.com/knowledge_detail/41123.html ,不过笔者并未采用这种方式。

CORS on Nginx

The following Nginx configuration enables CORS, with support for preflight requests.

#
# Wide-open CORS config for nginx
#
location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
     }
}

浏览器设置跨域

Chrome、Firefox本身是可以通过配置支持跨域请求的。

  • Chrome跨域:参考文档:http://www.cnblogs.com/laden666666/p/5544572.html
  • Firefox跨域:参考文档:https://segmentfault.com/q/1010000002532581/a-1020000002533699

原文地址:https://www.cnblogs.com/alterem/p/11227200.html

时间: 2024-10-08 02:31:57

跨域配置的相关文章

springboot跨域配置

关于什么是跨域的问题,感兴趣的同学可以看阮一峰老师的日志 http://www.ruanyifeng.com/blog/2016/04/cors.html. 下面贴出我在springboot项目中的跨域配置. 1.CorsConfig package com.example.demo; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configur

asp.net Core 跨域配置

1.添加中间件 在ConfigureServices中添加 //跨域中间件服务 services.AddCors(); 在 Configure中添加 //跨域配置 app.UseCors(builder => builder.WithOrigins("http://example.com").AllowAnyHeader()); 原文地址:https://www.cnblogs.com/xuqp/p/9996687.html

Asp.net跨域配置

<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> <add name=&quo

WCF ajax跨域配置

webconfig必须配置 binding="webHttpBinding" <service name="Hezi.MsgService.Send"> <endpoint address="" behaviorConfiguration="Hezi.MsgService.SendAspNetAjaxBehavior" binding="webHttpBinding" contract=&

Spring boot2.0 与 2.0以前版本 跨域配置的区别

一·简介 spring boot升级到2.0后发现继承WebMvcConfigurerAdapter实现跨域过时了,那我们就紧随潮流. 二·全局配置 2.0以前 支持跨域请求代码: 1 import org.springframework.context.annotation.Configuration; 2 import org.springframework.web.servlet.config.annotation.CorsRegistry; 3 import org.springfram

SSM跨域配置

1.后台跨域要引用两个jar包(cors-filter-1.7.jar.java-property-utils-1.9.jar) 提供下载地址: 链接: https://pan.baidu.com/s/1QHsKnlTZ2oknkRO06TqxyA 密码: e44u 2.在web.xml中配置跨域过滤器 <!-- 跨域过滤器 --> <filter> <filter-name>CORS</filter-name> <filter-class>co

.Net Core Api 跨域配置

.Net Core 和Asp.Net 不同,不需要再去引用其他的跨域组件.创建项目时,就有了. 让接口实现跨域,需要配置两个地方. 一.Startup.cs 这里需要配置两个地方 public void ConfigureServices(IServiceCollection services) { //添加cors 服务 配置跨域处理 services.AddCors(options => { options.AddPolicy("any", builder => { b

axiso 生产环境跨域配置(可用)

1.npm install axios 后 在main.js中import import Axios from 'axios'Vue.prototype.$http = Axios 2.请求配置 this.$http.get( { 'url':'http://sss.com/getSysTime.do', 'crossDomain': true, //跨域的配置项 'params': { firstName: 'Fred', lastName: 'Flintstone' } } ).then(f

WebService跨域配置、Ajax跨域请求、附开发过程源码

项目开发过程中需要和其他公司的数据对接,当时我们公司提供的是WebService,本地测试,都是好的,Ajax跨域请求,就报错,配置WebService过程中,花了不少功夫,入不少坑,不过最终问题还是解决啦~~~特意将完整开发步骤记录下来,以备下次勿犯,废话不多说,直接上源码! 第一步,右键,新建项,添加"web服务" 第二步:在webservice项目的web.config中添加如下配置,缺一不可: 1 <system.web> 2 <webServices>