springboot解决跨域设置

前端设置每次请求携带 cookie【携带sessionid】

// Attach the current token to every axios request as a custom `token` header.
// A custom header is not CORS-safelisted, so cross-origin calls trigger a
// preflight and the server has to name `token` in Access-Control-Allow-Headers.
axios.defaults.headers.common.token = getToken();
// axios.defaults.headers.common.refreshToken = getRefreshToken();

// Send cookies (the session id) on cross-origin requests as well. The browser
// only exposes the response when the server answers with
// Access-Control-Allow-Credentials: true and an explicit, non-wildcard origin.
axios.defaults.withCredentials = true;

后端设置 跨域头

package io.github.lyr2000.dissertation.config;

import org.checkerframework.checker.units.qual.C;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

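/**
 * Cross-origin (CORS) configuration for Spring MVC.
 *
 * <p>Registers a single mapping that covers every path and lets one front-end origin send
 * credentialed (cookie-carrying) requests.
 *
 * @author LYR666
 * @description Cross-origin (CORS) configuration
 * @create 2021-11-05 11:46
 */
@Configuration
public class CorsConfig {

    /**
     * Builds the {@link WebMvcConfigurer} that registers the CORS mapping.
     *
     * @return a configurer whose {@code addCorsMappings} allows the listed HTTP methods, with
     *     credentials, from the single configured origin
     */
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**")
                        // Credentials are enabled, so the origin below must stay an explicit
                        // allow-list entry. A wildcard or a reflected Origin header would let
                        // any site issue requests that carry the user's cookies.
                        .allowCredentials(true)
                        .allowedMethods("POST", "PATCH", "GET", "PUT", "OPTIONS", "DELETE")
                        // NOTE(review): this looks like a local dev-server origin; confirm
                        // the deployed front-end origin is what non-local environments use.
                        .allowedOrigins("http://localhost:3000");
            }
        };
    }
}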

allowCredentials 表示允许携带 cookie。开启后 allowedOrigins 必须写明具体的源,不能使用通配符 *。

shiro 中的设置

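 /**
  * Writes the CORS response headers on every request and answers preflight (OPTIONS)
  * requests directly with 200 before delegating anything else to the parent filter.
  *
  * @param request the incoming request; cast to {@link HttpServletRequest}
  * @param response the outgoing response; cast to {@link HttpServletResponse}
  * @return {@code false} for an OPTIONS request, otherwise the result of
  *     {@code super.preHandle(request, response)}
  * @throws Exception if the parent {@code preHandle} throws
  */
 @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // Fixed allow-list entry, deliberately not copied from the request's Origin header:
        // credentials are allowed below, and reflecting Origin would grant every site
        // cookie-carrying access.
        httpServletResponse.setHeader("Access-control-Allow-Origin", "http://localhost:3000");
        // Tells the browser it may send cookies and expose the response to the caller.
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        // A preflight arrives as OPTIONS, so echoing the request method would only ever
        // advertise OPTIONS and the browser would refuse PUT/PATCH/DELETE. Advertise the
        // supported methods explicitly instead.
        // NOTE(review): keep this list in step with the methods the API actually exposes.
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, PATCH, GET, PUT, OPTIONS, DELETE");
        // Access-Control-Allow-Headers is read during the preflight and names the request
        // headers the actual request may carry. A fixed list is used here; the alternative of
        // echoing Access-Control-Request-Headers (left commented out) accepts whatever the
        // caller asks for.
        // Reference: https://cloud.tencent.com/developer/section/1189900
        // httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Content-Length, Authorization, Accept, X-Requested-With , token");
        // Origin is client-supplied; it is only logged here and plays no part in the decision.
        log.info("request.. {}",httpServletRequest.getHeader("Origin"));
        // Answer the preflight right away with 200.
        // NOTE(review): presumably returning false stops further filter processing - confirm
        // against the parent filter class.
        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return false;
        }

        return super.preHandle(request, response);
    }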