Today, when we look at new projects, we find that a lot of controllers have one
Response.setheader ("Access-control-allow-origin", "*"); The settings of the response message header,
For a while some can not touch the mind, then to help and the Internet, originally this is to set the front-end cross-domain request (please forgive me originally only used JSONP This Ajax cross-domain request method),
By watching blogs: 61916737,
learned that as soon as returned, Response.setheader ("Access-control-allow-origin", "*"); In the form of a message header, you can have all the domain name scripts access this resource,
If it is returned Response.setheader ("Access-control-allow-origin", "www.hehe.jaja.com"); You can only access my resources by script under that domain name.
In addition, we can configure the Cors filter in Web. XML to set
Access-control-allow-origin Cross-domain issues
The code is as follows:
<Filter> <Filter-name>Corsfilter</Filter-name> <Filter-class>Org.apache.catalina.filters.CorsFilter</Filter-class> <Init-param> <Param-name>Cors.allowed.headers</Param-name> <Param-value>Content-type,x-requested-with,accept,origin,access-control-request-method,access-control-request-headers, Authorization,auth</Param-value> </Init-param> </Filter>
View Code
However, it is not possible to configure Web. XML in some new projects, so it is better to use the method of returning the corresponding message headers.
Access-control-allow-origin cross-domain request processing