Springboot2.x开启跨域配置详解

1 什么是浏览器跨域和springboot怎么解决？

跨域：浏览器同源策略 1995年，同源政策由 Netscape 公司引⼊浏览器。
⽬前，所有浏览器都实⾏这个政策。最初，它的含义是指，A⽹⻚设置的 Cookie，B⽹⻚不能打开，除⾮这两个⽹⻚"同源"。所谓"同源"指的是"三个相同"。
协议相同 http https
域名相同 www.xdclass.net
端⼝相同 80 81
⼀句话：浏览器从⼀个域名的⽹⻚去请求另⼀个域名的资源时，域名、端⼝、协议任⼀不同，都是跨域
浏览器控制台跨域提示：

No 'Access-Control-Allow-Origin' header is present on the requested 
resource. Origin 'null' is therefore not allowed access.
1
2

2 开启跨域配置

public class CorsIntercepter implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        //表示接受任意域名的请求,也可以指定域名
        response.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
        //该字段可选，是个布尔值，表示是否可以携带cookie
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS");
        response.setHeader("Access-Control-Allow-Headers", "*");
        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())){
            return  true;
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

3 在IntercepterConfig中进行注册