org.ebaysf.web的cors-filter使用,cors-filter跨域请求

2024-02-21 16:47:46

org.ebaysf.web的cors-filter使用,cors-filter跨域请求

 

================================

©Copyright 蕃薯耀 2020-11-26

https://www.cnblogs.com/fanshuyao/

 

cors-filter为第三方(ebay)组件。

一、官网地址

https://github.com/ebay/cors-filter

 

二、Springboot使用cors-filter

1、引入依赖

<dependency>
    <groupId>org.ebaysf.web</groupId>
    <artifactId>cors-filter</artifactId>
    <version>1.0.1</version>
</dependency>

2、配置类

import javax.servlet.Filter;

import org.ebaysf.web.cors.CORSFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * 过滤器配置类
 */
@Configuration
public class HttpFilterConfig {
    
    
    /**
     * org.ebaysf.web cors-filter
     * @return
     */
    @Bean
    public FilterRegistrationBean<Filter> corsFilter() {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        
        registration.setFilter(new CORSFilter());//org.ebaysf.web.cors.CORSFilter
        
        //这个可直接不配置
        //Defaults: true
        registration.addInitParameter("cors.support.credentials", "true");
        
        //这个可直接不配置
        //Defaults: * (Any origin is allowed to access the resource).
        registration.addInitParameter("cors.allowed.origins", "http://127.0.0.1:7010");
        
        //这个可直接不配置
        //Defaults: GET,POST,HEAD,OPTIONS
        registration.addInitParameter("cors.allowed.methods", "GET,POST");
        
        //这个可直接不配置
        // Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
        registration.addInitParameter("cors.allowed.headers", "*");
        
        //这个可直接不配置
        //Default: None
        registration.addInitParameter("cors.exposed.headers", "");
        
        //这个可直接不配置
        //Defaults: 1800。3600表示一个小时
        registration.addInitParameter("cors.preflight.maxage", "3600");
        
        //这个可直接不配置
        //A flag to control logging to container logs. Defaults: false
        registration.addInitParameter("cors.logging.enabled", "true");
        
        //这个可直接不配置
        //A flag to control if the request should be decorated or not. Defaults: true
        registration.addInitParameter("cors.request.decorate", "true");
        
        
        registration.setName("CORSFilter"); //过滤器名称
        registration.addUrlPatterns("/*");//过滤路径
        registration.setOrder(1); //设置顺序
        return registration;
    }
    
}

 

 

三、Spring Web应用使用cors-filter

1、引入Jar包,放在项目的/WEB-INF/lib/目录下

cors-filter-1.0.1.jar

下载地址:

https://repo1.maven.org/maven2/org/ebaysf/web/cors-filter/1.0.1/cors-filter-1.0.1.jar

2、在WEB-INF/web.xml配置过滤器

 <filter>
    <filter-name>CORS Filter</filter-name>
    <filter-class>org.ebaysf.web.cors.CORSFilter</filter-class>
 </filter>
 <filter-mapping>
    <filter-name>CORS Filter</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>

 

四、参数

cors.allowed.origins

A list of origins that are allowed to access the resource. A '*' can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. Ex: http://www.w3.org, https://www.apache.org. Defaults: * (Any origin is allowed to access the resource).

 

cors.allowed.methods

A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of 'Access-Control-Allow-Methods' header in a pre-flight response. Ex: GET,POST. Defaults: GET,POST,HEAD,OPTIONS

 

cors.allowed.headers

A comma separated list of request headers that can be used when making an actual request. These header will also be returned as part of 'Access-Control-Allow-Headers' header in a pre-flight response. Ex: Origin,Accept. Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers

 

cors.exposed.headers

A comma separated list of headers other than the simple response headers that browsers are allowed to access. These are the headers which will also be included as part of 'Access-Control-Expose-Headers' header in the pre-flight response. Ex: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG. Default: None

 

cors.preflight.maxage

The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of 'Access-Control-Max-Age' header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header from pre-flight response. Defaults: 1800

 

cors.support.credentials

A flag that indicates whether the resource supports user credentials. This flag is exposed as part of 'Access-Control-Allow-Credentials' header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. Defaults: true

 

 

cors.logging.enabled

A flag to control logging to container logs. Defaults: false

 

cors.request.decorate

A flag to control if the request should be decorated or not. Defaults: true
To override filter configuration defaults, specify them in the init-params while configuring the filter in web.xml. Example:

 

参数配置示例(Xml)

<filter>
    <filter-name>CORS Filter</filter-name>
    <filter-class>org.ebaysf.web.cors.CORSFilter</filter-class>
    <init-param>
      <description>A comma separated list of allowed origins. Note: An '*' cannot be used for an allowed origin when using credentials.</description>
      <param-name>cors.allowed.origins</param-name>
      <param-value>http://localhost:8080,http://localhost.ebay.com:8080</param-value>
    </init-param>
    <init-param>
      <description>A comma separated list of HTTP verbs, using which a CORS request can be made.</description>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
      <description>A comma separated list of allowed headers when making a non simple CORS request.</description>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
    </init-param>
    <init-param>
      <description>A comma separated list non-standard response headers that will be exposed to XHR2 object.</description>
      <param-name>cors.exposed.headers</param-name>
      <param-value></param-value>
    </init-param>
    <init-param>
      <description>A flag that suggests if CORS is supported with cookies</description>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <description>A flag to control logging</description>
      <param-name>cors.logging.enabled</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <description>Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.</description>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CORS Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

 

 

================================

©Copyright 蕃薯耀 2020-11-26

https://www.cnblogs.com/fanshuyao/

上一篇:跨域资源共享 CORS 详解


下一篇:预检请求 OPTIONS