corsfilter过滤器的使用

1、第一步：新建CorsFilter，在过滤器中设置相关请求头

package com.handlecar.basf_pmdb_service.filter;

import org.springframework.web.filter.OncePerRequestFilter;

2、import javax.servlet.*;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

public class CorsFilter extends OncePerRequestFilter {

3、//public class CorsFilter implements Filter {

//    static final String ORIGIN = "Origin";

    protected void doFilterInternal(

            HttpServletRequest request, HttpServletResponse response,

            FilterChain filterChain) throws ServletException, IOException {

//        String origin = request.getHeader(ORIGIN);

        response.setHeader("Access-Control-Allow-Origin", "*");//* or origin as u prefer

4、     response.setHeader("Access-Control-Allow-Credentials", "true");

        response.setHeader("Access-Control-Allow-Methods", "PUT, POST, GET, OPTIONS, DELETE");

        response.setHeader("Access-Control-Max-Age", "3600");

//        response.setHeader("Access-Control-Allow-Headers", "content-type, authorization");

        response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With, Authorization");

        response.setHeader("XDomainRequestAllowed","1");

        //使前端能够获取到

        response.setHeader("Access-Control-Expose-Headers","download-status,download-filename,download-message");

        if (request.getMethod().equals("OPTIONS"))

//            response.setStatus(HttpServletResponse.SC_OK);

            response.setStatus(HttpServletResponse.SC_NO_CONTENT);

        else

            filterChain.doFilter(request, response);

    }

5、//    @Override

//    public void doFilter(ServletRequest req, ServletResponse res,

//                         FilterChain chain) throws IOException, ServletException {

//

//        HttpServletResponse response = (HttpServletResponse) res;

//        //测试环境用【*】匹配，上生产环境后需要切换为实际的前端请求地址

//        response.setHeader("Access-Control-Allow-Origin", "*");

//        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");

//

//        response.setHeader("Access-Control-Max-Age", "0");

//

//        response.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With, auth");

//

//        response.setHeader("Access-Control-Allow-Credentials", "true");

！