|
@@ -30,29 +30,27 @@ public class OriginFilter implements Filter {
|
|
|
|
|
|
@Override
|
|
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
|
|
- HttpServletResponse response = (HttpServletResponse) servletResponse;
|
|
|
+
|
|
|
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
|
|
- //指定允许其他域名访问
|
|
|
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
|
|
|
+ response.setHeader("x-frame-options", "SAMEORIGIN");
|
|
|
+ // 不使用*,自动适配跨域域名,避免携带Cookie时失效
|
|
|
String origin = request.getHeader("Origin");
|
|
|
- response.setHeader("Access-Control-Allow-Origin", origin);
|
|
|
- // 允许请求的方法
|
|
|
- response.setHeader("Access-Control-Allow-Methods", "*");
|
|
|
- // 多少秒内,不需要再发送预检验请求,可以缓存该结果
|
|
|
- response.setHeader("Access-Control-Max-Age", "3600");
|
|
|
- // 表明它允许跨域请求包含xxx头
|
|
|
+ if (StringUtils.isNotBlank(origin)) {
|
|
|
+ response.setHeader("Access-Control-Allow-Origin", origin); }
|
|
|
+ // 自适应所有自定义头
|
|
|
String headers = request.getHeader("Access-Control-Request-Headers");
|
|
|
if(StringUtils.isNotBlank(headers)) {
|
|
|
response.setHeader("Access-Control-Allow-Headers", headers);
|
|
|
response.setHeader("Access-Control-Expose-Headers", headers);
|
|
|
}
|
|
|
+ // 允许跨域的请求方法类型
|
|
|
+ response.setHeader("Access-Control-Allow-Methods", "*");
|
|
|
+ // 预检命令(OPTIONS)缓存时间,单位:秒
|
|
|
+ response.setHeader("Access-Control-Max-Age", "3600");
|
|
|
+ // 明确许可客户端发送Cookie,不允许删除字段即可
|
|
|
response.setHeader("Access-Control-Allow-Credentials", "true");
|
|
|
- response.setHeader("XDomainRequestAllowed","1");
|
|
|
- if (request.getMethod().equals("OPTIONS")) {
|
|
|
- response.setStatus(200);
|
|
|
- response.getWriter().write("OPTIONS returns OK");
|
|
|
- return;
|
|
|
- }
|
|
|
- filterChain.doFilter(servletRequest, response);
|
|
|
+ filterChain.doFilter(request, response);
|
|
|
}
|
|
|
}
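Review bot: The added `if (StringUtils.isNotBlank(origin))` branch still echoes whatever `Origin` the client sends into `Access-Control-Allow-Origin`, and `Access-Control-Allow-Credentials: true` is set unconditionally further down, so any site the user visits can make credentialed cross-origin requests and read the responses (subject to the browser's cookie policy). The origin should be matched against a configured allowlist before it is reflected, e.g. `if (StringUtils.isNotBlank(origin) && allowedOrigins.contains(origin)) {`, where `allowedOrigins` is a placeholder for a set this filter would load from configuration, and the credentials header should move inside that same branch. Because the allowed origin now varies per request, `response.addHeader("Vary", "Origin");` is also needed so that shared caches do not reuse one origin's response for another. Separately, browsers treat `*` in `Access-Control-Allow-Methods` as a literal method name on credentialed requests, so the permitted methods should be listed explicitly. With the `OPTIONS` short-circuit removed, preflights now pass through the rest of the chain, so it is worth confirming that nothing downstream rejects them for lacking credentials.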
|
|
|
|