Spring Boot配置统一跨域过滤器

重写WebMvcConfigurer的addCorsMappings()可以解决一部分跨域的问题，但是对于有些过滤器涉及到跨域，且拦截器位面较高的话，还是会出现一些跨域问题。

代码：
//配置CorsFilter跨域过滤器CorsFilterRegistrationConfig

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

import java.util.ArrayList;
import java.util.List;

/**
* 跨域过滤器
*
*/
@Component
@Configuration
@ConfigurationProperties(prefix = CorsFilterRegistrationConfig.PREFIX)
public class CorsFilterRegistrationConfig {
public static final String PREFIX = "fss.filter.cors";

/**
* 允许跨域地址
* 允许所有：*
*/
private List<String> allowedOriginList = new ArrayList<>();

/**
* 允许请求头信息
* 允许所有：*
*/
private List<String> allowedHeaderList = new ArrayList<>();

/**
* 允许请求信息
* 允许所有：*
*/
private List<String> allowedMethodList = new ArrayList<>();

/**
* 允许暴露信息
*/
private List<String> exposedHeaderList = new ArrayList<>();

/**
* 允许证书
*/
private Boolean allowCredentials = true;

/**
* 缓存时间
*/
private Long maxAge = 3600L;

/**
* 过滤地址
*/
private String mapping = "";

/**
* 跨域过滤器
*
* @return
*/
@Bean
public FilterRegistrationBean CrosFilterRegistrationBean() {

CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(allowedOriginList);
corsConfiguration.setAllowedHeaders(allowedHeaderList);
corsConfiguration.setAllowedMethods(allowedMethodList);
corsConfiguration.setExposedHeaders(exposedHeaderList);
corsConfiguration.setMaxAge(maxAge);
corsConfiguration.setAllowCredentials(allowCredentials);

UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
configurationSource.registerCorsConfiguration(mapping, corsConfiguration);

CorsFilter corsFilter = new CorsFilter(configurationSource);

FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(corsFilter);
filterRegistrationBean.setOrder(0);
return filterRegistrationBean;
}

public List<String> getAllowedOriginList() {
return allowedOriginList;
}

public void setAllowedOriginList(List<String> allowedOriginList) {
this.allowedOriginList = allowedOriginList;
}

public List<String> getAllowedHeaderList() {
return allowedHeaderList;
}

public void setAllowedHeaderList(List<String> allowedHeaderList) {
this.allowedHeaderList = allowedHeaderList;
}

public List<String> getAllowedMethodList() {
return allowedMethodList;
}

public void setAllowedMethodList(List<String> allowedMethodList) {
this.allowedMethodList = allowedMethodList;
}

public List<String> getExposedHeaderList() {
return exposedHeaderList;
}

public void setExposedHeaderList(List<String> exposedHeaderList) {
this.exposedHeaderList = exposedHeaderList;
}

public Boolean getAllowCredentials() {
return allowCredentials;
}

public void setAllowCredentials(Boolean allowCredentials) {
this.allowCredentials = allowCredentials;
}

public Long getMaxAge() {
return maxAge;
}

public void setMaxAge(Long maxAge) {
this.maxAge = maxAge;
}

public String getMapping() {
return mapping;
}

public void setMapping(String mapping) {
this.mapping = mapping;
}
}

//在application.yml文件中配置跨域属性

fss:
filter:
cors:
allowed-origin-list:
- '*'
allowed-header-list:
- '*'
allowed-method-list:
- POST
- GET
exposed-header-list:
- access-control-allow-headers
- access-control-allow-methods
- access-control-allow-origin
- access-control-max-age
- X-Frame-Options
mapping:/**

• 点赞
• 收藏
• 分享
• 文章举报