Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you about how to solve the cross-domain problem when AJAX accesses SpringBoot2.0. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

I. introduction to cross-domain

What is a cross-domain problem?

The cross-domain problem stems from JavaScript's "same origin policy", that is, only the protocol + hostname + port number (if any) are the same, then they are allowed to access each other. In other words, JavaScript can only access and operate resources under its own domain, but cannot access and manipulate resources under other domains. Cross-domain problems are aimed at JS and ajax, and html itself does not have cross-domain problems.

In the separate architecture, cross-domain problems will inevitably encounter, for example, a HTML page of the site http://domain-a.com through the src request http://domain-b.com/image.jpg. Many pages on the network load resources such as CSS stylesheets, images and scripts from different domains.

For security reasons, browsers restrict cross-source HTTP requests made from within scripts. For example, XMLHttpRequest and Fetch API follow the same origin policy. This means that Web applications that use these API can only request HTTP resources from the same domain where the application is loaded, unless the CORS header file is used.

The embodiment of cross-domain lies in its different domain name or port, but it should be noted that the following form is non-cross-domain mode.

Http://www.example.com/index.html = = > http://www.example.com/login.html

2. Spring Boot cross-domain (@ CrossOrigin)

Of course, although it refers to SpringBoot here, SpringMVC is also the same, requiring versions of Spring4.2 and above

1. @ CrossOrigin usage scenario requirements

Jdk1.8+

Spring4.2+

2. @ CrossOrigin source code parsing (translation reference network)

@ Target ({ElementType.METHOD, ElementType.TYPE})

@ Retention (RetentionPolicy.RUNTIME)

@ Documented

Public @ interface CrossOrigin {

String [] DEFAULT_ORIGINS = {"*"}

String [] DEFAULT_ALLOWED_HEADERS = {"*"}

Boolean DEFAULT_ALLOW_CREDENTIALS = true

Long DEFAULT_MAX_AGE = 1800

/ * *

* same as origins attribute

, /

@ AliasFor ("origins")

String [] value () default {}

/ * *

* A collection of all supported domains, such as "http://domain1.com"."

*

These values are displayed in the Access-Control-Allow-Origin in the request header

* "*" requests representing all domains are supported

*

If it is not defined, all requested domains support

* @ see # value

, /

@ AliasFor ("value")

String [] origins () default {}

/ * *

* header with request header weight is allowed, which is supported by default.

, /

String [] allowedHeaders () default {}

/ * *

* the header allowed to be accessed in the response header. Default is empty.

, /

String [] exposedHeaders () default {}

/ * *

* request a supported method, such as "{RequestMethod.GET, RequestMethod.POST}"}.

* the methods set in RequestMapping are supported by default

, /

RequestMethod [] methods () default {}

/ * *

* whether to allow cookie to be sent with the request. You must specify a specific domain when using it.

, /

String allowCredentials () default ""

/ * *

* the validity period of the pre-requested result. Default is 30 minutes.

, /

Long maxAge () default-1

}

3. @ CrossOrigin use

Request processing Controller under SpringBoot

/ / implement cross-domain annotations

/ / origin= "*" means all domain names are accessible

/ / the maximum age of cache duration of maxAge pre-flight response. To put it simply, the validity period of Cookie is in seconds.

/ / if maxAge is negative, it represents temporary Cookie and will not be persisted. Cookie information is saved in browser memory and Cookie disappears when browser closes.

@ CrossOrigin (origins = "*", maxAge = 3600)

@ RestController

@ RequestMapping ("/ crawler")

Public class CrawlerController {

@ RequestMapping (value = "/ fetchGroupMonthCrawlerStat", method =

RequestMethod.GET, produces = {

"application/json;charSet=UTF-8"})

Public String fetchGroupMonthCrawlerStat (HttpServletResponse response

HttpServletRequest request) {

/ / process business logic and return data

}

}

The above is how to solve the cross-domain problem when AJAX accesses SpringBoot2.0. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.