- response.setHeader("Access-Control-Allow-Origin",发起请求的域名例如:http://baidu.com 一定要全域名);
- response.addHeader("Access-Control-Allow-Credentials","true");
- response.addHeader("Access-Control-Allow-Methods","GET,POST,PUT,DELETE,OPTIONS");
- response.addHeader("P3P","CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR");
ajax请求时也需要加参数:
- $.ajax({
- type: "get",url: "url",dataType: 'text',xhrFields: {
- withCredentials: true
- },crossDomain: true,success: function(data){
- console.log(data);
- }
- }
- );
这样解决了, 跨域cookie传递问题, 后来就出现了一个问题, PUT , DELETE 方法请求时出现问题, 看到后台日志很明显是用OPTION 方法请求, 后来查了资料才知道, 这叫OPTION预检, 预检的时候没有在springmvc里找到对应的方法, 直接报错, 最后加上过滤器
- logger.info("http method:{}",httpServletRequest.getMethod());
- if (httpServletRequest.getHeader("Access-Control-Request-Method") != null
- && StringUtils.equalsIgnoreCase("OPTIONS",httpServletRequest.getMethod()) ) {
- // CORS "pre-flight" request
- httpServletResponse.addHeader("Access-Control-Allow-Origin","*");
- httpServletResponse.addHeader("Access-Control-Allow-Methods",DELETE");
- httpServletResponse.addHeader("Access-Control-Allow-Headers","Content-Type");
- httpServletResponse.addHeader("Access-Control-Max-Age","1800");//30 min
- return;
- }
- filterChain.doFilter(httpServletRequest,httpServletResponse);
OPTION 预检直接返回,后面正常请求就能成功处理了。