Shulou(Shulou.com)06/02 Report--

This article mainly explains "how to solve the problem that springboot setting CorsFilter cross-domain does not take effect". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to solve the problem of springboot setting CorsFilter cross-domain invalid".

Set the description of solving problems in which CorsFilter cross-domain does not take effect.

The company's front-end and front-end development project encountered cross-domain problems during local debugging. My colleague transferred my service to prompt cross-domain problems all the time, and then the front-end nb himself did cross-domain processing, similar to nginx, but I still went to Baidu and found a solution in a boss's blog.

The reason for the problem is that the filter written to determine the login affects the login, because the execution order of the filter is caused before the corsfilter, so the configuration file of the cross-domain setting is modified.

Solution / * uses CORS to solve the ajax cross-domain access problem * / @ Configurationpublic class GlobalCorsConfig {@ Bean public FilterRegistrationBean corsFilter () {/ / 1. Add CORS configuration information CorsConfiguration config = new CorsConfiguration (); / / 1) do not write *, otherwise cookie will not be able to use / / config.addAllowedOrigin ("http://manage.leyou.com"); / / config.addAllowedOrigin (" http://www.leyou.com"); config.addAllowedOrigin ("*")) / / 2) whether to send Cookie message config.setAllowCredentials (true); / / 3) the allowed request method config.addAllowedMethod ("OPTIONS"); config.addAllowedMethod ("HEAD"); config.addAllowedMethod ("GET"); config.addAllowedMethod ("PUT"); config.addAllowedMethod ("POST"); config.addAllowedMethod ("DELETE") Config.addAllowedMethod ("PATCH"); config.setMaxAge (3600L); / / 4) allowed header information config.addAllowedHeader ("*"); / / 2. By adding the mapping path, we intercept all requests UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource (); configSource.registerCorsConfiguration ("/ * *", config); / / 3. Returns the new CorsFilter. / / return new CorsFilter (configSource); FilterRegistrationBean bean = new FilterRegistrationBean (new CorsFilter (configSource)); bean.setOrder (0); return bean;}} reasons why cross-domain configuration CorsFilter does not take effect

When there is more than one Filter in a project, you need to set the execution order of the filter through @ Order (Ordered.HIGHEST_PRECEDENCE) annotation

Rules of order

1. The smaller the value of order, the higher the priority.

2. If order does not mark a number, it defaults to the lowest priority because its default value is the maximum value of int.

3. This annotation is equivalent to implementing the getOrder method of the Ordered interface and returning a number.

If you use the method commented out below to set cross-domain, the front end will prompt you to cross-domain when you directly return out in the doFilter () method of Filter.

Because the CorsConfig does not implement the Filter interface, even if the @ Order annotation is added, it will not take effect. You need to return a new FilterRegistrationBean out in the following new way, and set the order

Import com.nanase.takeshi.constants.JwtConstant;import lombok.extern.slf4j.Slf4j;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.core.Ordered;import org.springframework.web.cors.CorsConfiguration;import org.springframework.web.cors.UrlBasedCorsConfigurationSource;import org.springframework.web.filter.CorsFilter / * CorsConfig * Cross-domain request configuration * * @ author 725 * @ date 18:17 on 2020-12-10 * / @ Slf4j@Configurationpublic class CorsConfig {private CorsConfiguration buildConfig () {CorsConfiguration corsConfiguration = new CorsConfiguration (); / 1 set access source address corsConfiguration.addAllowedOrigin ("*"); / / 2 set access source header corsConfiguration.addAllowedHeader ("*") / / 3 set the access source request method corsConfiguration.addAllowedMethod ("*"); / / 4 which header information is exposed corsConfiguration.addExposedHeader (JwtConstant.HEADER); return corsConfiguration;} / * * @ Bean public CorsFilter corsFilter () {log.info ("Cross-domain settings.") ; UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource (); / / A pair of interface configuration cross-domain settings source.registerCorsConfiguration ("/ * *", buildConfig ()); return new CorsFilter (source);} * / @ Bean public FilterRegistrationBean corsFilter () {log.info ("Cross-domain settings.") ; UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource (); / / 5 set source.registerCorsConfiguration ("/ * *", buildConfig ()) across domains for interface configuration; / / if there are multiple filter, set the priority execution order of changing CorsFilter here FilterRegistrationBean bean = new FilterRegistrationBean (new CorsFilter (source)); bean.setOrder (Ordered.HIGHEST_PRECEDENCE); return bean }} Thank you for your reading. The above is the content of "how to solve the cross-domain invalid problem of setting springboot CorsFilter". After the study of this article, I believe you have a deeper understanding of how to solve the problem of cross-domain invalid setting of springboot CorsFilter. The specific use situation still needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.