A股代码
blame | history | patch | commit | commitdiff | ignore whitespace
1
zj
6 hours ago d615fc515fc52d6ed970c11d59a017e48de4be32 
 src/main/java/com/nq/config/MyCorsFilter.java


@@ -1,26 +1,68 @@


package com.nq.config;




import org.apache.commons.lang3.StringUtils;


import org.springframework.boot.web.servlet.FilterRegistrationBean;


import org.springframework.context.annotation.Bean;


import org.springframework.context.annotation.Configuration;


import org.springframework.web.cors.CorsConfiguration;


import org.springframework.web.cors.UrlBasedCorsConfigurationSource;


import org.springframework.web.filter.CorsFilter;


import org.springframework.core.Ordered;




import javax.servlet.Filter;


import javax.servlet.FilterChain;


import javax.servlet.ServletException;


import javax.servlet.ServletRequest;


import javax.servlet.ServletResponse;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;




/**


 * 跨域:回显请求 Origin,兼容管理后台/用户端从任意域名访问 API。


 */


@Configuration


    public class MyCorsFilter{


        private CorsConfiguration corsConfig(){


            CorsConfiguration corsConfiguration = new CorsConfiguration();


            corsConfiguration.addAllowedHeader("*");


            corsConfiguration.addAllowedMethod("*");


            corsConfiguration.addAllowedOrigin("*");


            corsConfiguration.setMaxAge(3600L);


            corsConfiguration.setAllowCredentials(true);


            return corsConfiguration;


public class MyCorsFilter {




    @Bean


    public FilterRegistrationBean<Filter> corsFilterRegistration() {


        FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>();


        bean.setFilter(new DynamicCorsFilter());


        bean.addUrlPatterns("/*");


        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);


        return bean;


    }




    static class DynamicCorsFilter implements Filter {


        @Override


        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)


                throws IOException, ServletException {


            HttpServletRequest request = (HttpServletRequest) req;


            HttpServletResponse response = (HttpServletResponse) res;




            String origin = request.getHeader("Origin");


            if (StringUtils.isNotBlank(origin)) {


                response.setHeader("Access-Control-Allow-Origin", origin);


                response.setHeader("Access-Control-Allow-Credentials", "true");


                response.addHeader("Vary", "Origin");


            }




            response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");




            // credentials 模式下浏览器不接受 Allow-Headers: *,需回显预检请求头


            String requestHeaders = request.getHeader("Access-Control-Request-Headers");


            if (StringUtils.isNotBlank(requestHeaders)) {


                response.setHeader("Access-Control-Allow-Headers", requestHeaders);


            } else {


                response.setHeader("Access-Control-Allow-Headers",


                        "Content-Type, admintoken, USERTOKEN, lang, Authorization, X-Requested-With, Accept, Origin");


            }




            response.setHeader("Access-Control-Max-Age", "3600");




            if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {


                response.setStatus(HttpServletResponse.SC_OK);


                return;


            }




            chain.doFilter(req, res);


        }


        @Bean


        public CorsFilter corsFilter(){


            UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();


            source.registerCorsConfiguration("/**",corsConfig());


            return new CorsFilter(source);


        }


    }


}