Springmvc 支持 cors跨域请求
2016-11-09 17:55
447 查看
1、spring版本 4.3.2 +
2、xml配置:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="xxxx.action" /> <context:annotation-config /> <mvc:annotation-driven /> <mvc:cors> <mvc:mapping path="/xxxx/xxxx"/> </mvc:cors>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"/>
<!-- 静态资源映射 --> <mvc:resources mapping="/xxxx/img/**" location="/WEB-INF/img/"/></beans>
更复杂的配置:
<mvc:cors>
<mvc:mapping path="/api/**"
allowed-origins="http://domain1.com, http://domain2.com" allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
<mvc:mapping path="/resources/**"
allowed-origins="http://domain1.com" />
</mvc:cors>
http://www.springframework.org/schema/mvc/spring-mvc.xsd
xsd中可以看到,cors配置各个配置项的默认取值
<xsd:element name="cors">
<xsd:annotation>
<xsd:documentation>
<![CDATA[ Configure cross origin requests processing. ]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="mapping" minOccurs="1" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Enable cross origin requests processing on the specified path pattern. By default, all origins, GET HEAD POST methods, all headers and credentials are allowed and max age is set to
30 minutes.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="path" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
A path into the application that should handle CORS requests. Exact path mapping URIs (such as "/admin") are supported as well as Ant-stype path patterns (such as /admin/**).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-origins" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of origins to allow, e.g. "http://domain1.com, http://domain2.com". The special value "*" allows all domains (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-methods" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of HTTP methods to allow, e.g. "GET, POST". The special value "*" allows all method. By default GET, HEAD and POST methods are allowed.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of headers that a pre-flight request can list as allowed for use during an actual request. The special value of "*" allows actual requests to send any header (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="exposed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma) that an actual response might
have and can be exposed. Empty by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allow-credentials" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Whether user credentials are supported (true by default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="max-age" type="xsd:long">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
How long, in seconds, the response from a pre-flight request can be cached by clients. 1800 seconds (30 minutes) by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
2、xml配置:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="xxxx.action" /> <context:annotation-config /> <mvc:annotation-driven /> <mvc:cors> <mvc:mapping path="/xxxx/xxxx"/> </mvc:cors>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"/>
<!-- 静态资源映射 --> <mvc:resources mapping="/xxxx/img/**" location="/WEB-INF/img/"/></beans>
更复杂的配置:
<mvc:cors>
<mvc:mapping path="/api/**"
allowed-origins="http://domain1.com, http://domain2.com" allowed-methods="GET, PUT"
allowed-headers="header1, header2, header3"
exposed-headers="header1, header2" allow-credentials="false"
max-age="123" />
<mvc:mapping path="/resources/**"
allowed-origins="http://domain1.com" />
</mvc:cors>
http://www.springframework.org/schema/mvc/spring-mvc.xsd
xsd中可以看到,cors配置各个配置项的默认取值
<xsd:element name="cors">
<xsd:annotation>
<xsd:documentation>
<![CDATA[ Configure cross origin requests processing. ]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:sequence>
<xsd:element name="mapping" minOccurs="1" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Enable cross origin requests processing on the specified path pattern. By default, all origins, GET HEAD POST methods, all headers and credentials are allowed and max age is set to
30 minutes.
]]>
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="path" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
A path into the application that should handle CORS requests. Exact path mapping URIs (such as "/admin") are supported as well as Ant-stype path patterns (such as /admin/**).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-origins" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of origins to allow, e.g. "http://domain1.com, http://domain2.com". The special value "*" allows all domains (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-methods" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of HTTP methods to allow, e.g. "GET, POST". The special value "*" allows all method. By default GET, HEAD and POST methods are allowed.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allowed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of headers that a pre-flight request can list as allowed for use during an actual request. The special value of "*" allows actual requests to send any header (default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="exposed-headers" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Comma-separated list of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma) that an actual response might
have and can be exposed. Empty by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="allow-credentials" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
Whether user credentials are supported (true by default).
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="max-age" type="xsd:long">
<xsd:annotation>
<xsd:documentation>
<![CDATA[
How long, in seconds, the response from a pre-flight request can be cached by clients. 1800 seconds (30 minutes) by default.
]]>
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
相关文章推荐
- Spring Boot Web应用开发 CORS 跨域请求支持
- SpringMVC支持跨域访问的CORS配置
- 跨域请求方式集锦--CORS跨域请求支持各种请求方式
- 支持POST的跨域请求CORS
- Spring Boot Web应用开发 CORS 跨域请求支持
- SpringMVC支持跨域访问的CORS配置
- springmvc接口支持跨域请求
- SpringMVC支持Jsonp跨域请求的方法
- Spring MVC 4.2 增加 CORS 支持 (跨域请求)
- 基于CORS 为Jfainl实现跨域请求
- js判断请求的url是否可访问,支持跨域判断的实现方法
- CORS——跨域请求那些事儿
- SpringMVC对于跨域访问的支持
- 跨域解决 & ajax post 请求springmvc ctr 问题
- 跨域请求问题cors
- springmvc开发rest接口时支持“请求的URI地址不存在”
- 关于springmvc处理跨域请求的问题
- springMVC实现jsonp的跨域请求
- 跨域解决 & ajax post 请求springmvc ctr 问题
- jquery 跨域请求 报错:(原因:CORS 头缺少 'Access-Control-Allow-Origin')