使用Spring CROS解决项目中的跨域问题

CROS(Cross-Origin Resource Sharing) 用于解决浏览器中跨域请求的问题。简单的Get请求可以使用JSONP来解决，而对于其它复杂的请求则需要后端应用的支持CROS。Spring在4.2版本之后提供了***@CrossOrigin*** 注解来实现对Cross的支持。

• 在Controller方法上配置

@CrossOrigin(origins = {"http://loaclhost:8088"})
@RequestMapping(value = "/crossTest",method = RequestMethod.GET)
public String greeting() {
    return "corss test";
}

• 在Controller上配置，那么这个Controller中的所有方法都会支持CORS

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@CrossOrigin(origins = "http://localhost:8088",maxAge = 3600)
@Controller
@RequestMapping("/api")
public class AppController {
    
        @RequestMapping(value = "/crossTest",method = RequestMethod.GET)
        public String greeting() {
            return "corss test";
        }
        
}

• Java Config全局配置

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
@EnableWebMvc
public class SpringWebConfig extends WebMvcConfigurerAdapter {

    /**
     * {@inheritDoc}
     * <p>This implementation is empty.
     *
     * @param registry
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        super.addCorsMappings(registry);
        // 对所有的URL配置
        registry.addMapping("/**");

        // 针对某些URL配置
        registry.addMapping("/api/**").allowedOrigins("http:///localhost:8088")
                .allowedMethods("PUT","DELETE")
                .allowedHeaders("header1","header2","header3")
                .exposedHeaders("header1","header2")
                .allowCredentials(false).maxAge(3600);
    }
}

• XML全局配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <mvc:cors>
        <!--<mvc:mapping path=""/>-->
        <mvc:mapping path="/api/**"
                     allowed-origins="http://localhost:8088,http://localhost:8888"
                     allowed-methods="GET,PUT"
                     allowed-headers="header1,header2"
                     exposed-headers="header1,header2"
                     allow-credentials="false"
                     max-age="3600" />
    </mvc:cors>
</beans>