springboot+vue在引入security之后导致的跨域问题
一开始后端项目里是没有引入security的 使用配置类来处理跨域 有效
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class CrosConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
//项目中的所有接口都支持跨域
registry.addMapping("/**")
//所有地址都可以访问,也可以配置具体地址
.allowedOriginPatterns("*")
//允许的请求方式
.allowedMethods("POST", "GET", "PUT", "OPTIONS", "DELETE")
//是否支持跨域Cookie
.allowCredentials(false)
// 跨域允许时间
.maxAge(3600);
}
}
但是不知道为什么在引入了security之后该配置类失效 前端一直提示跨域问题 离谱的是状态码是200 后端执行了代码 甚至把请求头里都放了jwt 但是请求体发不回来
解决方案:
1、添加一个过滤器
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class OptionsRequestFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
if (request.getMethod().equals("OPTIONS")) {
response.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,HEAD");
response.setHeader("Access-Control-Allow-Headers", response.getHeader("Access-Control-Request-Headers"));
return;
}
filterChain.doFilter(request, response);
}
}
2、在securityConfig中配置过滤器
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration().applyPermitDefaultValues();
configuration.addExposedHeader("Authorization");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}