Spring Boot CORS配置

本文介绍了在Spring Boot中配置CORS的两种方法,包括不依赖额外包的配置和使用特定依赖包的设置,适用于不同场景的需求。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

不依赖spring-boot-starter-security

  @Bean
  CorsConfigurationSource corsConfigurationSource() {
      CorsConfiguration configuration = new CorsConfiguration();
      configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342"));
      configuration.setAllowedMethods(Arrays.asList("GET","POST", "PUT", "DELETE"));
      // 如果所有的属性不全部配置,一定要执行该方法
      configuration.applyPermitDefaultValues();

      UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
      source.registerCorsConfiguration("/**", configuration);
      return source;
  }

  @Bean
  CorsFilter corsFilter(CorsConfigurationSource corsConfigurationSource) {
      CorsFilter corsFilter = new CorsFilter(corsConfigurationSource);
      return corsFilter;
  }

依赖spring-boot-starter-security

@SpringBootApplication
public class AuthorityManagementApplication extends WebSecurityConfigurerAdapter {
    public static void main(String[] args) {
        SpringApplication.run(AuthorityManagementApplication.class, args);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * CORS 必须在Security之前处理
         * 原因:这个 pre-flight 请求不会包含任何cookies,如果请求不包括任何cookies和Security先处理的话,那么这个请求会被拒绝
         * 官方地址:https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/htmlsingle/#cors
         * CORS must be processed before Spring Security because the pre-flight request will not contain any cookies (i.e. the JSESSIONID).
         * If the request does not contain any cookies and Spring Security is first,
         * the request will determine the user is not authenticated (since there are no cookies in the request) and reject it.
         */
        http.cors();
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(Arrays.asList("http://localhost:63342"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST", "PUT", "DELETE"));
        // 如果所有的属性不全部配置,一定要执行该方法
        configuration.applyPermitDefaultValues();

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}

在两种情况中,都可以

@SpringBootApplication
public class AuthorityManagementApplication extends WebMvcConfigurerAdapter {
    public static void main(String[] args) {
        SpringApplication.run(AuthorityManagementApplication.class, args);
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        super.addCorsMappings(registry);
        registry.addMapping("/**")
                .allowedOrigins("http://localhost:63342")
                .allowedMethods("GET","POST","PUT","DELETE");
        /**
         * 不用调用手动调用applyPermitDefaultValues()
         * 首先:创建CorsRegistration
         * public CorsRegistration addMapping(String pathPattern) {
         *     CorsRegistration registration = new CorsRegistration(pathPattern);
         *     this.registrations.add(registration);
         *     return registration;
         * }
         * 其次:构造函数中自动调用了applyPermitDefaultValues
         * public CorsRegistration(String pathPattern) {
         *     this.pathPattern = pathPattern;
         *     this.config = new CorsConfiguration().applyPermitDefaultValues();
         * }
         */
    }
}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值