Access-control-allow-origin cross-domain request processing

Today, when we look at new projects, we find that a lot of controllers have one

Response.setheader ("Access-control-allow-origin", "*"); The settings of the response message header,

For a while some can not touch the mind, then to help and the Internet, originally this is to set the front-end cross-domain request (please forgive me originally only used JSONP This Ajax cross-domain request method),

By watching blogs: 61916737,

learned that as soon as returned, Response.setheader ("Access-control-allow-origin", "*"); In the form of a message header, you can have all the domain name scripts access this resource,

If it is returned Response.setheader ("Access-control-allow-origin", "www.hehe.jaja.com"); You can only access my resources by script under that domain name.

In addition, we can configure the Cors filter in Web. XML to set

Access-control-allow-origin Cross-domain issues

The code is as follows:

<Filter>        <Filter-name>Corsfilter</Filter-name>        <Filter-class>Org.apache.catalina.filters.CorsFilter</Filter-class>          <Init-param>            <Param-name>Cors.allowed.headers</Param-name>          <Param-value>Content-type,x-requested-with,accept,origin,access-control-request-method,access-control-request-headers, Authorization,auth</Param-value>        </Init-param>    </Filter>

View Code

However, it is not possible to configure Web. XML in some new projects, so it is better to use the method of returning the corresponding message headers.

Access-control-allow-origin cross-domain request processing