A股代码
blame | history | raw
1
zj
11 hours ago d615fc515fc52d6ed970c11d59a017e48de4be32 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

package com.nq.config;


 


import org.apache.commons.lang3.StringUtils;


import org.springframework.boot.web.servlet.FilterRegistrationBean;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.core.Ordered;


 


import javax.servlet.Filter;


import javax.servlet.FilterChain;


import javax.servlet.ServletException;


import javax.servlet.ServletRequest;


import javax.servlet.ServletResponse;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;


 


/**


 * 跨域:回显请求 Origin,兼容管理后台/用户端从任意域名访问 API。


 */


@Configuration


public class MyCorsFilter {


 


    @Bean


    public FilterRegistrationBean<Filter> corsFilterRegistration() {


        FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>();


        bean.setFilter(new DynamicCorsFilter());


        bean.addUrlPatterns("/*");


        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);


        return bean;


    }


 


    static class DynamicCorsFilter implements Filter {


        @Override


        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)


                throws IOException, ServletException {


            HttpServletRequest request = (HttpServletRequest) req;


            HttpServletResponse response = (HttpServletResponse) res;


 


            String origin = request.getHeader("Origin");


            if (StringUtils.isNotBlank(origin)) {


                response.setHeader("Access-Control-Allow-Origin", origin);


                response.setHeader("Access-Control-Allow-Credentials", "true");


                response.addHeader("Vary", "Origin");


            }


 


            response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");


 


            // credentials 模式下浏览器不接受 Allow-Headers: *,需回显预检请求头


            String requestHeaders = request.getHeader("Access-Control-Request-Headers");


            if (StringUtils.isNotBlank(requestHeaders)) {


                response.setHeader("Access-Control-Allow-Headers", requestHeaders);


            } else {


                response.setHeader("Access-Control-Allow-Headers",


                        "Content-Type, admintoken, USERTOKEN, lang, Authorization, X-Requested-With, Accept, Origin");


            }


 


            response.setHeader("Access-Control-Max-Age", "3600");


 


            if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {


                response.setStatus(HttpServletResponse.SC_OK);


                return;


            }


 


            chain.doFilter(req, res);


        }


    }


}