package com.boying.common;
|
|
import com.boying.common.util.StringUtil;
|
import org.aspectj.lang.annotation.Aspect;
|
import org.springframework.stereotype.Component;
|
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
|
/**
|
* 跨域过滤器
|
* @author jitwxs
|
* @since 2018/10/16 20:53
|
*/
|
@Component
|
public class CorsFilter implements Filter {
|
@Override
|
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
|
HttpServletResponse response = (HttpServletResponse) res;
|
HttpServletRequest request = (HttpServletRequest) req;
|
|
// 不使用*,自动适配跨域域名,避免携带Cookie时失效
|
String origin = request.getHeader("Origin");
|
if(!StringUtil.isNullOrEmpty(origin)) {
|
response.setHeader("Access-Control-Allow-Origin", origin);
|
}
|
|
// 自适应所有自定义头
|
String headers = request.getHeader("Access-Control-Request-Headers");
|
if(!StringUtil.isNullOrEmpty(headers)) {
|
response.setHeader("Access-Control-Allow-Headers", headers);
|
response.setHeader("Access-Control-Expose-Headers", headers);
|
}
|
|
// 允许跨域的请求方法类型
|
response.setHeader("Access-Control-Allow-Methods", "*");
|
// 预检命令(OPTIONS)缓存时间,单位:秒
|
response.setHeader("Access-Control-Max-Age", "3600");
|
// 明确许可客户端发送Cookie,不允许删除字段即可
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
|
chain.doFilter(request, response);
|
}
|
|
@Override
|
public void init(FilterConfig filterConfig) {
|
|
}
|
|
@Override
|
public void destroy() {
|
}
|
|
/*
|
注册过滤器:
|
@Bean
|
public FilterRegistrationBean registerFilter() {
|
FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>();
|
bean.addUrlPatterns("/*");
|
bean.setFilter(new CorsFilter());
|
// 过滤顺序,从小到大依次过滤
|
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
|
return bean;
|
}
|
*/
|
}
|