cors-filter过滤器解决跨域问题

news/2024/11/13 10:46:07/文章来源:https://www.cnblogs.com/lvjinlin/p/18336529

https://www.cnblogs.com/fanshuyao/

 

cors-filter为第三方组件。

一、官网地址

http://software.dzhuvinov.com/cors-filter.html

 

二、Springboot使用cors-filter

1、引入依赖

<dependency><groupId>com.thetransactioncompany</groupId><artifactId>cors-filter</artifactId><version>2.9</version>
</dependency>

2、配置类

复制代码
import javax.servlet.Filter;import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;import com.thetransactioncompany.cors.CORSFilter;/*** 使用配置方式开发Filter,否则其中的自动注入无效** @author Chris.Liao*/
@Configuration
public class HttpFilterConfig {/*** com.thetransactioncompany cors-filter* @return*/@Beanpublic FilterRegistrationBean<Filter> corsFilter() {FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();registration.setFilter(new CORSFilter()); //cors.supportsCredentials {true|false} defaults to true.//registration.addInitParameter("cors.supportsCredentials", "true");registration.addInitParameter("cors.allowOrigin", "http://127.0.0.1:7010,http://lqy.com:7010");//不符合时,报错:Cross-Origin Resource Sharing (CORS) Filter: CORS origin denied//cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".registration.addInitParameter("cors.supportedMethods", "GET,POST");//不符合时,报错:Cross-Origin Resource Sharing (CORS) Filter: Unsupported HTTP method//cors.supportedHeaders {"*"|header-list} defaults to *.//registration.addInitParameter("cors.supportedHeaders", "*");//cors.exposedHeaders {header-list} defaults to empty list.//registration.addInitParameter("cors.exposedHeaders", "");//cors.maxAge {int} defaults to -1 (unspecified).3600表示一个小时registration.addInitParameter("cors.maxAge", "3600");//cors.allowSubdomains {true|false} defaults to false.//cors.allowGenericHttpRequests {true|false} defaults to true.//cors.tagRequests {true|false} defaults to false (no tagging).registration.setName("CORSFilter"); //过滤器名称registration.addUrlPatterns("/*");//过滤路径registration.setOrder(1); //设置顺序return registration;}
}
复制代码

 

三、Spring Web应用使用cors-filter

1、引入Jar包(2个),放在项目的/WEB-INF/lib/目录下

cors-filter-2.9.jar

java-property-utils-1.13.jar

下载地址:

https://repo1.maven.org/maven2/com/thetransactioncompany/cors-filter/2.9/cors-filter-2.9.jar

https://repo1.maven.org/maven2/com/thetransactioncompany/java-property-utils/1.13/java-property-utils-1.13.jar

当前最新版为:2.9

 

2、在WEB-INF/web.xml配置过滤器

最简单的配置:

复制代码
<filter><filter-name>CORS</filter-name><filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping><filter-name>CORS</filter-name><url-pattern>/*</url-pattern>
</filter-mapping>
复制代码

 

带初始化参数的配置:

复制代码
<filter><filter-name>CORS</filter-name><filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class><init-param><param-name>cors.allowOrigin</param-name><param-value>http://example.com</param-value></init-param>
</filter>

复制代码

 

四、cors-filter 初始化参数:

复制代码
cors.allowGenericHttpRequestscors.allowOrigincors.allowSubdomainscors.supportedMethodscors.supportedHeaderscors.exposedHeaderscors.supportsCredentialscors.maxAgecors.tagRequests
复制代码

 

cors.allowGenericHttpRequests {true|false} defaults to true.

If true generic HTTP requests will be allowed to pass through the filter, else only valid and accepted CORS requests will be allowed (strict CORS filtering).

 

cors.allowOrigin {"*"|origin-list} defaults to *.
Whitespace-separated list of origins that the CORS filter must allow. Requests from origins not included here will be refused with an HTTP 403 "Forbidden" response. If set to * (asterisk) any origin will be allowed.

 

cors.allowSubdomains {true|false} defaults to false.
If true the CORS filter will allow requests from any origin which is a subdomain origin of the allowed origins. A subdomain is matched by comparing its scheme and suffix (host name / IP address and optional port number).

 

cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS".
List of the supported HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must also be implemented by the actual CORS web service. Requests for methods not included here will be refused by the CORS filter with an HTTP 405 "Method not allowed" response.

 

cors.supportedHeaders {"*"|header-list} defaults to *.
The names of the supported author request headers. These are advertised through the Access-Control-Allow-Headers header.

If the configuration property value is set to * (asterisk) any author request header will be allowed. The CORS Filter implements this by simply echoing the requested value back to the browser.

 

cors.exposedHeaders {header-list} defaults to empty list.
List of the response headers other than simple response headers that the browser should expose to the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this information through the Access-Control-Expose-Headers header.

 

cors.supportsCredentials {true|false} defaults to true.
Indicates whether user credentials, such as cookies, HTTP authentication or client-side certificates, are supported. The CORS filter uses this value in constructing the Access-Control-Allow-Credentials header.

 

cors.maxAge {int} defaults to -1 (unspecified).
Indicates how long the results of a preflight request can be cached by the web browser, in seconds. If -1 unspecified. This information is passed to the browser via the Access-Control-Max-Age header.

 

cors.tagRequests {true|false} defaults to false (no tagging).
Enables HTTP servlet request tagging to provide CORS information to downstream handlers (filters and/or servlets).

 

 

总结:cors跨域请求解决方案(建议采用方案1)

1、springboot CORS 跨域请求解决三大方案,springboot CorsFilter解决跨域问题

https://www.cnblogs.com/fanshuyao/p/14030944.html

 

2、cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求

https://www.cnblogs.com/fanshuyao/p/14036848.html

 

3、org.ebaysf.web的cors-filter使用,cors-filter跨域请求

https://www.cnblogs.com/fanshuyao/p/14042293.html

 

4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用

https://www.cnblogs.com/fanshuyao/p/14042420.html

 

5、springboot jsonp 跨域请求,springboot使用jsonp跨域

https://www.cnblogs.com/fanshuyao/p/14034014.html

 

https://www.cnblogs.com/fanshuyao/

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/776109.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

ThinkPHP6之Excel解析

PhpSpreadsheet解析Excel文件 安装 PhpSpreadsheet 通过 Composer 安装了 PhpSpreadsheet: composer require phpoffice/phpspreadsheet控制器 ExcelController <?phpnamespace app\controller;use think\facade\Db; use think\facade\Request; use think\facade\View; us…

腾讯云数据库认证官方的考试费是多少钱?

腾讯云的认证项目很多,包括云计算、大数据、人工智能等多个技术领域方向的认证路径,每个方向包括工程师(Associate)、高级工程师(Professional)、专家(Expert)三个不同的等级。 对于数据库方面,腾讯云的这三个级别的考试费用分别是: TCCA工程师:1200元 TCCP高级工程师:18…

P3043 [USACO12JAN] Bovine Alliance G 题解

P3043 [USACO12JAN] Bovine Alliance G 题目传送门 思路 首先分情况讨论每种联通块的可能,有三种不同的情况会对答案 \(ans\) 产生不同的贡献。 联通块有环如图,因为每条边都有要有归属,所以环上的边只能全都顺时针或逆时针属于某个点,且不在环上的点仅有一种可能。 因此该…

组合数学学习笔记(持续完善中)

基础知识 一、加法原理 完成某个工作有 \(n\) 类办法,第 \(i\) 类办法有 \(a_i\) 种,则完成此工作的方案数有 \(\sum\limits _{i=1}^n a_i\) 种。 二、乘法原理 完成某个工作有 \(n\) 个步骤,第 \(i\) 个步骤有 \(b_i\) 种,则完成此工作的方案数有 \(\prod\limits _{i=1}^n…

Apple Safari 17.6 - macOS 专属浏览器 (独立安装包下载)

Apple Safari 17.6 - macOS 专属浏览器 (独立安装包下载)Apple Safari 17.6 - macOS 专属浏览器 (独立安装包下载) 适用于 macOS Ventura 和 macOS Monterey 的 Safari 浏览器 17 请访问原文链接:https://sysin.org/blog/apple-safari-17/,查看最新版。原创作品,转载请保留出…

Gartner 魔力象限:安全信息和事件管理 (SIEM) 2024

Gartner Magic Quadrant for Security Information and Event Management 2024Gartner Magic Quadrant for Security Information and Event Management 2024 Gartner 魔力象限:安全信息和事件管理 2024 请访问原文链接:https://sysin.org/blog/gartner-magic-quadrant-siem-…

Metasploit Pro 4.22.2-2024072501 (Linux, Windows) - 专业渗透测试框架

Metasploit Pro 4.22.2-2024072501 (Linux, Windows) - 专业渗透测试框架Metasploit Pro 4.22.2-2024072501 (Linux, Windows) - 专业渗透测试框架 Rapid7 Penetration testing, release Jul 25, 2024 请访问原文链接:https://sysin.org/blog/metasploit-pro-4/,查看最新版。…

C#中常用集合类型

原文:C#中常用集合类型 - Y00 - 博客园 (cnblogs.com)在C#中,集合是用于存储和操作一组数据项的数据结构。这些集合通常位于 System.Collections 和 System.Collections.Generic 命名空间中。下面我将概述C#中几种常用的集合类型及其特点: 1. System.Collections 命名空间中…

[实践]wireguard安装和配置

wireguard安装和配置,实现异地组网目录Server Install & ConfigUbuntu 20.0.4 install wireguard生成私钥&公钥开启内核IP转发配置文件启动&停止wg-quicksystemctlClient Install & Config下载ConfigmacOS Server Install & Config Ubuntu 20.0.4 install…

费曼积分法——以一个简单的例子讲解

今天又又又刷到一个视频,很想睡觉(昨晚熬了个大夜),但是又临近午饭不能睡,只能水篇随笔来打发时间了。 什么是费曼积分法? 先看看官方解释: 费曼积分法(Feynman integral)是一种求解复变函数定积分的计算方法,由理查德费曼(Richard P. Feynman)提出。这种方法特别适…

wireguard安装和使用

wireguard安装和使用目录Server Install & ConfigUbuntu 20.0.4 install wireguard生成私钥&公钥开启内核IP转发配置文件启动&停止wg-quicksystemctlClient Install & Config下载ConfigmacOS Server Install & Config Ubuntu 20.0.4 install wireguard sud…

Adam-mini:内存占用减半,性能更优的深度学习优化器

Adam(W)目前为训练LLM的主流优化器,但其内存开销较大,这是因为Adam优化器需要存储一阶动量m和二阶动量v,总内存占用至少是模型大小的两倍,这对现有的高端显卡也是一种负担。论文提出一种新的优化器Adam-mini,在不牺牲性能的情况下减少Adam优化器的内存占用。 https://avo…