From d615fc515fc52d6ed970c11d59a017e48de4be32 Mon Sep 17 00:00:00 2001
From: zj <1772600164@qq.com>
Date: Tue, 16 Jun 2026 16:43:58 +0800
Subject: [PATCH] 1
---
src/main/java/com/nq/config/MyCorsFilter.java | 78 ++++++++++++++++++++++++++++++---------
1 files changed, 60 insertions(+), 18 deletions(-)
diff --git a/src/main/java/com/nq/config/MyCorsFilter.java b/src/main/java/com/nq/config/MyCorsFilter.java
index a5141dd..a9037c6 100644
--- a/src/main/java/com/nq/config/MyCorsFilter.java
+++ b/src/main/java/com/nq/config/MyCorsFilter.java
@@ -1,26 +1,68 @@
package com.nq.config;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
+import org.springframework.core.Ordered;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 跨域:回显请求 Origin,兼容管理后台/用户端从任意域名访问 API。
+ */
@Configuration
- public class MyCorsFilter{
- private CorsConfiguration corsConfig(){
- CorsConfiguration corsConfiguration = new CorsConfiguration();
- corsConfiguration.addAllowedHeader("*");
- corsConfiguration.addAllowedMethod("*");
- corsConfiguration.addAllowedOrigin("*");
- corsConfiguration.setMaxAge(3600L);
- corsConfiguration.setAllowCredentials(true);
- return corsConfiguration;
+public class MyCorsFilter {
+
+ @Bean
+ public FilterRegistrationBean<Filter> corsFilterRegistration() {
+ FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>();
+ bean.setFilter(new DynamicCorsFilter());
+ bean.addUrlPatterns("/*");
+ bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return bean;
+ }
+
+ static class DynamicCorsFilter implements Filter {
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+
+ String origin = request.getHeader("Origin");
+ if (StringUtils.isNotBlank(origin)) {
+ response.setHeader("Access-Control-Allow-Origin", origin);
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.addHeader("Vary", "Origin");
+ }
+
+ response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");
+
+ // credentials 模式下浏览器不接受 Allow-Headers: *,需回显预检请求头
+ String requestHeaders = request.getHeader("Access-Control-Request-Headers");
+ if (StringUtils.isNotBlank(requestHeaders)) {
+ response.setHeader("Access-Control-Allow-Headers", requestHeaders);
+ } else {
+ response.setHeader("Access-Control-Allow-Headers",
+ "Content-Type, admintoken, USERTOKEN, lang, Authorization, X-Requested-With, Accept, Origin");
+ }
+
+ response.setHeader("Access-Control-Max-Age", "3600");
+
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ response.setStatus(HttpServletResponse.SC_OK);
+ return;
+ }
+
+ chain.doFilter(req, res);
}
- @Bean
- public CorsFilter corsFilter(){
- UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- source.registerCorsConfiguration("/**",corsConfig());
- return new CorsFilter(source);
- }
+ }
}
--
Gitblit v1.9.3