When we need to provide services to the outside world through the restful interface, if the architecture is separated from the front and back ends at this time, it will involve cross-domain issues. How to solve cross-domain issues? Let’s discuss this issue below.
Solution 1: Add @CrossOrigin annotation on the Controller
How to use it is as follows:
@CrossOrigin // Annotation method @RestController public class HandlerScanController { @CrossOrigin(allowCredentials="true", allowedHeaders="*", methods={RequestMethod.GET, RequestMethod.POST, RequestMethod.DELETE, RequestMethod.OPTIONS, RequestMethod.HEAD, RequestMethod.PUT, RequestMethod.PATCH}, origins="*") @PostMapping("/confirm") public Response handler(@RequestBody Request json){ return null; } } Solution 2: Global configuration
The code is as follows:
@Configuration public class MyConfiguration { @Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurerAdapter() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowCredentials(true) .allowedMethods("GET"); } }; } } Solution 3: Use in combination with Filter
In the main class of spring boot, add a CorsFilter
/** * * attention: Simple cross-domain is GET, HEAD and POST requests, but the "Content-Type" of the POST request can only be application/x-www-form-urlencoded, multipart/form-data or text/plain * Otherwise, it is not simple cross-domain. There is a pre-flight mechanism for this cross-domain. To put it bluntly, it will issue two requests, one OPTIONS request, and one real request*/ @Bean public CorsFilter corsFilter() { final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); final CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // Allow cookies to cross-domain config.addAllowedOrigin("*"); // #Allowed the URI of requests to this server, * means all allowed. In SpringMVC, if set to *, it will automatically be converted to Origin config.addAllowedHeader("*"); // #Add to access header, * means all config.setMaxAge(18000L); // The cache time of preflight requests (seconds), that is, during this time period, config.addAllowedMethod("OPTIONS"); // Methods that allow submission of requests, * means that all allow config.addAllowedMethod("HEAD"); config.addAllowedMethod("GET");// Allow Get's request method config.addAllowedMethod("PUT"); config.addAllowedMethod("POST"); config.addAllowedMethod("DELETE"); config.addAllowedMethod("PATCH"); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); } Of course, if there are many microservices, you need to add such a piece of code to the main class of each service, which violates the DRY principle. A better approach is to solve cross-domain problems at the gateway layer of zuul, once and for all.
For more information about front-end cross-domain, please refer to: http://www.VeVB.COM/article/83093.htm
The above is all the content of this article. I hope it will be helpful to everyone's learning and I hope everyone will support Wulin.com more.