项目结构:前端服务——>网关服务——>子服务
最近做的项目中碰到跨域的问题,本来习惯性地拉出来以前的filter配置放进网关中,结果前端直接请求网关接口的时候还能跨域成功,通过网管访问子服务的时候就会报跨域问题。
后仔细研究发现,response头中的信息是双份的。
然后才发现原来是子服务中也有一套跨域配置,将子服务中的配置去掉后即可访问成功。
想来zuul的路由服务是直接转发请求的,而不是重新请求子服务。不然也不会把两个服务的头信息都保留下来了。
常规跨域配置如下:
package com.innove.authority.config; import org.springframework.context.annotation.Configuration; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @WebFilter(filterName = "requestFilter", urlPatterns = {"/*"}) @Configuration public class CorsConfig implements Filter { @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; HttpServletRequest request = (HttpServletRequest) servletRequest; //此处替换为放行域名,设置多个时使用addHeader()。或者全部放行设置为* response.setHeader("Access-Control-Allow-Origin", "http://*******.com"); response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token, authorization"); //此处设置为true时,Access-Control-Allow-Origin对应的值不能有多个。设置为false时,不允许客户端携带验证信息(如cookie) response.setHeader("Access-Control-Allow-Credentials", "true"); String method = request.getMethod(); if (method.equalsIgnoreCase("OPTIONS")) { servletResponse.getOutputStream().write("Success".getBytes("utf-8")); } else { filterChain.doFilter(servletRequest, servletResponse); } } }
原文:https://www.cnblogs.com/malefeng/p/12374950.html