自己做网站的时候,经常遇到跨域问题,下面是平时多次实践总结出的解决方法,大家有什么更好的思路,可以相互交流下~
XMLHttpRequest cannot load http://www.imooc.com/data/che... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
解决方法:跨源问题,添加cors。
1.filter或者servlet里面添加response.setHeader("Access-Control-Allow-Origin", "");2.response.setHeader("Access-Control-Allow-Origin", "");放到接收客户端api 的地方
3.如果是servlet的话就放到get或者post方法里面,jsp页面就扔到第一行
4.如果是filter部署就扔到dofilter()
---------------------------------springmvc---------------------------------
添加SimpleCORSFilter.java
import java.io.IOException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletResponse;import org.springframework.stereotype.Component;@Componentpublic class SimpleCORSFilter implements Filter { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); //response.setHeader("Access-Control-Allow-Headers", "Content-Type"); // response.setContentType("text/html;charset=UTF-8"); // response.setHeader("Access-Control-Allow-Origin", "*"); // response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); // response.setHeader("Access-Control-Max-Age", "0"); // response.setHeader("Access-Control-Allow-Headers", "Authentication, Origin, Accept, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, token"); // response.setHeader("Access-Control-Allow-Credentials", "true"); // response.setHeader("XDomainRequestAllowed","1"); chain.doFilter(req, res); } public void init(FilterConfig filterConfig) {} public void destroy() {}}web.xml添加
<filter> <filter-name>SimpleCORSFilter</filter-name> <filter-class>com.zhcs.context.SimpleCORSFilter</filter-class></filter><filter-mapping> <filter-name>SimpleCORSFilter</filter-name> <url-pattern>/app/*</url-pattern></filter-mapping>--------------------------------------OR-------------------------------------
添加 CorsConfigureAdapter.java
import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.CorsRegistry;import org.springframework.web.servlet.config.annotation.EnableWebMvc;import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;@Configuration@EnableWebMvcpublic class CorsConfigureAdapter extends WebMvcConfigurerAdapter { @Override public void addCorsMappings(CorsRegistry registry) { super.addCorsMappings(registry); registry.addMapping("/**"); }}在Controller上或方法上使用@CrossOrigin注解
@CrossOrigin(maxAge = 3600)--------------------------------------xml-------------------------------------
<mvc:cors> <mvc:mapping path="/**" /></mvc:cors><mvc:cors> <mvc:mapping path="/api/**" allowed-origins="http://domain1.com, http://domain2.com" allowed-methods="GET, PUT" allowed-headers="header1, header2, header3" exposed-headers="header1, header2" allow-credentials="false" max-age="123" /> <mvc:mapping path="/resources/**" allowed-origins="http://domain1.com" /></mvc:cors>--------------------------------------Nginx支持跨域请求--------------------------------------
location /{ add_header 'Access-Control-Allow-Origin' 'http://other.subdomain.com'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET'; ... the rest of your configuration here ...}