Tomcat / Nginx 跨域

*

tomcat 解决跨域,

1,据说tomcat7.0.40以上才有自带的CrosFilter,在WEB-INF/web.xml中配置即可:

<filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.headers</param-name>
            <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,yourdefinedname</param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposed.headers</param-name>
            <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

2,tomcat7.0.40以下解决跨域,web.xml中

<filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, POST, HEAD, PUT, DELETE</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedHeaders</param-name>
            <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified,Access-Control-Request-Headers</param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposedHeaders</param-name>
            <param-value>Set-Cookie</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportsCredentials</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

,需要引入两个包,如果是用maven,则pom.xml中可以加上下面这句,保存后自动会下载:

<dependency>
            <groupId>com.thetransactioncompany</groupId>
            <artifactId>cors-filter</artifactId>
            <version>1.7</version>
                <scope>runtime</scope>
        </dependency>

maven仓库下载地址可以这样配置,{maven_home}/conf/settings.xml:

<mirror>
        <id>sensordata</id>
        <mirrorOf>central</mirrorOf>
        <name>Human Readable Name for this Mirror.</name>
        <url>http://central.maven.org/maven2/</url>
    </mirror>
    <mirror>
        <id>repo2</id>
        <mirrorOf>central</mirrorOf>
        <name>Human Readable Name for this Mirror.</name>
        <url>http://repo2.maven.org/maven2/</url>
    </mirror> 

     <mirror>
        <id>ibiblio1</id>
        <mirrorOf>central</mirrorOf>
        <name>Human Readable Name for this Mirror.</name>
        <url>http://mirrors.ibiblio.org/maven2/</url>
    </mirror>
    <mirror>
      <id>alimaven</id>
      <name>aliyun maven</name>
      <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>

3,也可以自定义跨域过滤器,这个应该不针对tomcat版本

第一步,写一个类 CrosFilter.java

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class CrosFilter implements Filter{  

@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub  

}  

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
HttpServletResponse res = (HttpServletResponse) response;
res.setContentType("text/html;charset=UTF-8");
   res.setHeader("Access-Control-Allow-Origin", "*");
   res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
   res.setHeader("Access-Control-Max-Age", "0");
   res.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type");
   res.setHeader("Access-Control-Allow-Credentials", "true");
   res.setHeader("XDomainRequestAllowed","1");
   chain.doFilter(request, response);
}  

@Override
public void destroy() {
// TODO Auto-generated method stub  

}  

} 

第二步,在web.xml中配置过滤器

<filter>
     <filter-name>cros</filter-name>
     <filter-class>com.zlfund.openapi.webserver.filter.CrosFilter</filter-class>
    </filter>
    <filter-mapping>
     <filter-name>cros</filter-name>
     <url-pattern>/*</url-pattern>
    </filter-mapping>  

*********

这几种都可以解决,但是公司预生产就一直存在 跨域,原来它还经过了 nginx,在那里也要配置

server {
    listen 443;
    server_name myapi.com;

    access_log /var/log/nginx/myapiaccess.log myapi_access;
    error_log  /var/log/nginx/myapierror.log;

    more_set_headers "Access-Control-Allow-Origin: $http_origin";
#    more_set_headers "Access-Control-Allow-Credentials : true";
#    more_set_headers "Access-Control-Allow-Methods: GET,POST,HEAD,OPTIONS,PUT";
#    more_set_headers "Access-Control-Expose-Headers: Access-Control-Allow-Headers,Access-Control-Allow-Origin,Access-Control-Allow-Credentials";
#    more_set_headers "Access-Control-Allow-Headers: retdatatype,content-type,access-control-request-headers,accept,access-control-request-method,origin,x-requested-with";
    more_set_headers "Access-Control-Allow-Headers: retdatatype,content-type";

使用的是 https://myapi.com 访问,所以在443 这里配置

*

时间: 2024-10-06 01:10:02

Tomcat / Nginx 跨域的相关文章

nginx跨域设置

nginx跨域问题例子:访问http://10.0.0.10/ 需要能实现跨域 操作:http://10.0.0.10/项目是部署在tomcat里面,tomcat跨域暂时还不会,按照网上的方法操作也没成功只有用Nginx做个代理,解决跨域问题了! 1.将www.tangxiaoyue.com域名指向http://10.0.0.11/.只有在域名上设置才能实现跨域.(10.0.0.11是Nginx的IP)2.在nginx上的配置文件tang.conf进行设置 配置文件例如: server { li

学习-【前端】-关于nginx跨域的配置

一般来说我们的网站都是要使用代理服务器来分配不同端口,这里就nginx介绍,我们的混合app需要用到跨域的设置来完成数据交互,那么这里给出nginx跨域设置,当然,这里设置完本身后台服务器也要设置哦. location ^~/abc { add_header "Access-Control-Allow-Origin"  ""; add_header "Access-Control-Allow-Headers"  "Content-Typ

nginx 跨域acl

nginx跨域访问配置,需要配置多个源域名,有简单的方法,但不安全: add_header "Access-Control-Allow-Origin" * 以下是我的配置: <--------nginx config----------->                 if ( $http_origin ~* (https?://(.+\.)?(youyuan|uyuan)\.(.*)$) ) {                           add_header

Nginx跨域问题

Nginx跨域无法访问,通常报错: Failed to load http://172.18.6.30:8086/CityServlet: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.dingkailinux.cn' is therefore not allowed access. 可以在nginx的配置文件中对应的localtion中添加: a

nginx跨域了解与模拟与解决

模拟由于跨域访问导致的浏览器报错,在nginx代理服务器上设置相应参数解决 nginx 跨域一.同源策略何为同源:1.协议(http/https)相同2.域名(IP)相同3.端口相同 浏览器遵循同源策略的目的同源策略的目的是为了保证用户信息的安全,防止恶意的网站窃取数据.此策略可以防止一个页面的恶意脚本(JavaScript语言编写的程序)通过该页面的文档对象模型来访问另一网页上的敏感数据. 同源策略是必需的,否则cookie可以共享,互联网就毫无安全可言,同源策略仅适用于JavaScript脚

Nginx 跨域设置

web应用通常会碰到跨域的问题,特别是在将字体文件放在另一个域名下(cdn缓存)的时候会出现无法访问的问题,浏览器会报如下错误警告: Font from origin 'http://cdn.xxxx.com' has been blocked from loading by Cross-Origin Resource Sharing policy:  No 'Access-Control-Allow-Origin' header is present on the requested reso

Nginx跨域访问问题总结

一.什么是跨域 简单地理解就是因为JavaScript同源策略的限制,a.com 域名下的js无法操作b.com或是c.a.com域名下的对象. 同源是指相同的协议.域名.端口.特别注意两点: 如果是协议和端口造成的跨域问题"前台"是无能为力的, 在跨域问题上,域仅仅是通过"协议+域名+端口"来识别,两个不同的域名即便指向同一个ip地址,也是跨域的. 二.常见跨域情况 URL                                说明            

nginx跨域

server {     listen 8080;     include enable-php.conf;     root   /home/wwwroot/image;     location /                 {                 add_header 'Access-Control-Allow-Origin' 'http://www.tisunion.com';                 add_header 'Access-Control-All

Nginx 跨域使用字体

今天在使用子域名访问根域名的CSS时,发现字体无法显示,在确保CSS和Font字体的路径加载无问题后,基本确定是因为跨域的问题. 通过Nginx模块HttpHeadersModule来添加Access-Control-Allow-Origin允许的地址. 解决方法 在Nginx的conf目录下修改nginx.conf或者vhost下对应的domain conf,添加以下代码: location ~* \.(eot|ttf|woff)$ {add_header Access-Control-All