方法一:使用@CrossOrigin注解局部跨域
在控制器(@Controller)上使用注解或者方法上使用注解允许跨域。
@RestController
@CrossOrigin(allowCredentials="true")
public class CorsTestController {
@RequestMapping("/test")
public String preUser(){
System.out.println("test");
return "test";
}
}
这里的allowCredentials="true"
的作用在于允许跨域请求时携带cookie,在需要使用到session需要开启该属性保持会话。其他的属性可查看该注解源码进行设置。
方法二:Web Config的方式全局跨域
@Configuration
public class CORSWebMvcConfiguration extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("*")
.allowedOrigins("*").exposedHeaders("token")
.allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE");
}
}
方法三:过滤器
package com.example.pahms.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
@Configuration
public class GlobalCorsConfig {
@Bean
public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.setAllowCredentials(true);
config.addAllowedMethod("*");
config.addAllowedHeader("*");
config.addExposedHeader("token");
UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
configSource.registerCorsConfiguration("/**", config);
return new CorsFilter(configSource);
}
}