修复跨域请求问题
- 添加全局CORS配置类CorsConfig.java - 移除SpringSecurityConfig中的重复CORS配置 - 支持所有域名跨域访问并允许携带凭据 - 解决前端跨域请求被阻止的问题
@@ -0,0 +1,64 @@
|
|||||||
|
package com.starry.admin.common.config;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
|
import org.springframework.web.cors.CorsConfigurationSource;
|
||||||
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||||
|
import org.springframework.web.filter.CorsFilter;
|
||||||
|
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||||
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 跨域配置
|
||||||
|
*
|
||||||
|
* @author admin
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
public class CorsConfig implements WebMvcConfigurer {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addCorsMappings(CorsRegistry registry) {
|
||||||
|
registry.addMapping("/**")
|
||||||
|
.allowedOriginPatterns("*")
|
||||||
|
.allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
|
||||||
|
.allowedHeaders("*")
|
||||||
|
.allowCredentials(true)
|
||||||
|
.exposedHeaders("*")
|
||||||
|
.maxAge(3600);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public CorsConfigurationSource corsConfigurationSource() {
|
||||||
|
CorsConfiguration configuration = new CorsConfiguration();
|
||||||
|
|
||||||
|
// 允许所有域名进行跨域调用
|
||||||
|
configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
|
||||||
|
|
||||||
|
// 允许所有请求头
|
||||||
|
configuration.setAllowedHeaders(Collections.singletonList("*"));
|
||||||
|
|
||||||
|
// 允许所有HTTP方法
|
||||||
|
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"));
|
||||||
|
|
||||||
|
// 允许发送Cookie
|
||||||
|
configuration.setAllowCredentials(true);
|
||||||
|
|
||||||
|
// 暴露哪些头部信息(因为跨域访问默认不能获取全部头部信息)
|
||||||
|
configuration.setExposedHeaders(Arrays.asList("*"));
|
||||||
|
|
||||||
|
// 预检请求的缓存时间(秒)
|
||||||
|
configuration.setMaxAge(3600L);
|
||||||
|
|
||||||
|
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||||
|
source.registerCorsConfiguration("/**", configuration);
|
||||||
|
return source;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public CorsFilter corsFilter() {
|
||||||
|
return new CorsFilter(corsConfigurationSource());
|
||||||
|
}
|
||||||
|
}
|
||||||
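Review bot: `allowedOriginPatterns("*")` together with `allowCredentials(true)` (in `addCorsMappings` and again in `corsConfigurationSource()`) makes the server echo back whatever `Origin` the browser sends, so any website can make credentialed requests to `/**` and read the responses. If the session is carried in a cookie, as the `// 允许发送Cookie` comment suggests, this removes same-origin protection from every endpoint. The pattern list should name only the trusted front-end hosts and come from configuration, e.g. `configuration.setAllowedOriginPatterns(allowedOrigins);` with `allowedOrigins` injected from a property, and the same list should be used in `addCorsMappings`. The class also states the policy three times (`addCorsMappings`, the `CorsConfigurationSource` bean and the `CorsFilter` bean) with different method lists, since the MVC mapping omits `PATCH` and `HEAD`; keeping one source would prevent drift. As far as I know `exposedHeaders("*")` is only treated as a wildcard for non-credentialed requests, so the headers the front end reads should be listed by name.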
@@ -25,7 +25,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
import org.springframework.web.cors.CorsConfiguration;
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
import org.springframework.web.cors.CorsConfigurationSource;
|
|
||||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||||
import org.springframework.web.filter.CorsFilter;
|
import org.springframework.web.filter.CorsFilter;
|
||||||
|
|
||||||
@@ -63,7 +62,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
.antMatchers("/health", "/health/**").permitAll()
|
.antMatchers("/health", "/health/**").permitAll()
|
||||||
// 跨域请求会先进行一次options请求
|
// 跨域请求会先进行一次options请求
|
||||||
.antMatchers(HttpMethod.OPTIONS).permitAll().anyRequest()// 除上面外的所有请求全部需要鉴权认证
|
.antMatchers(HttpMethod.OPTIONS).permitAll().anyRequest()// 除上面外的所有请求全部需要鉴权认证
|
||||||
.authenticated().and().cors().configurationSource(this.corsConfigurationSource());
|
.authenticated().and().cors();
|
||||||
// 禁用缓存
|
// 禁用缓存
|
||||||
httpSecurity.headers().cacheControl();
|
httpSecurity.headers().cacheControl();
|
||||||
// 添加Logout filter
|
// 添加Logout filter
|
||||||
@@ -74,17 +73,6 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
httpSecurity.exceptionHandling().accessDeniedHandler(customAccessDeniedHandler)
|
httpSecurity.exceptionHandling().accessDeniedHandler(customAccessDeniedHandler)
|
||||||
.authenticationEntryPoint(customAuthenticationEntryPoint);
|
.authenticationEntryPoint(customAuthenticationEntryPoint);
|
||||||
}
|
}
|
||||||
private CorsConfigurationSource corsConfigurationSource() {
|
|
||||||
CorsConfiguration corsConfiguration = new CorsConfiguration();
|
|
||||||
corsConfiguration.setAllowCredentials(true);
|
|
||||||
corsConfiguration.addAllowedHeader("*"); // 这个得加上,一些复杂的请求方式会带有header,不加上跨域会失效。
|
|
||||||
corsConfiguration.addAllowedMethod("*");
|
|
||||||
corsConfiguration.addExposedHeader("*");
|
|
||||||
corsConfiguration.addAllowedOriginPattern("*");
|
|
||||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
|
||||||
source.registerCorsConfiguration("/**", corsConfiguration);
|
|
||||||
return source;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public CorsFilter corsFilter() {
|
public CorsFilter corsFilter() {
|
||||||
|
|||||||
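Review bot: `SpringSecurityConfig` still declares `@Bean public CorsFilter corsFilter()` (the context lines at the end of the last hunk) while the new `CorsConfig` adds a bean method with the same name, so `corsFilter` is now defined twice. Where bean-definition overriding is disabled (the default in recent Spring Boot versions) this should fail at startup, and otherwise one definition silently replaces the other. Removing or renaming one of them would make clear which filter is active; the body of the remaining `corsFilter()` is outside the hunk, so it cannot be seen here whether it still builds its own wildcard configuration. Since `.cors()` without an explicit source resolves its policy from the `corsFilter` / `corsConfigurationSource` beans, a comment next to the call such as `// CORS policy is taken from the beans declared in CorsConfig` would record where the policy now lives.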