Quick support for Cors cross-domain access in Spring Boot 2

Original: HTTPS://WWW.JIANSHU.COM/P/840B4F83C3B5

At present, most of the program development is separated by front and rear platform. In this way, the cross-domain resource sharing cors problem will be encountered. Spring Boot 2 provides a good workaround for this.

For more information about cors, please see here: cors Introduction

1. Annotation implementation

In spring Boot 2, annotations are provided to support Cors cross-domain access.

1.1 Annotations on methods

You can annotate a @crossorigin on a method. This method can be accessed across domains.

Annotate on method 1.2 on controller

You can also annotate the entire controller. This way, all methods under the controller support cross-domain access.

Annotate the controller with 1.3 annotations at the same time

Both annotations are also possible, at which point the combination of the two is taken.
As shown below, the controller can be accessed by all sources, but/user can only be accessed by http://localhost:9000.

Combo Note 1.4 Annotation fine-grained configuration

By default, the @CrossOrigin allows all sources, all headers, @RequestMapping annotations specified in the HTTP method to be accessed across domains, and supports a maximum of 30 minutes of maxage. You can override these annotation property values to personalize the settings:

Properties	Description
Origins	List of allowed sources. The response information is placed in the Access-control-allow-origin of the HTTP protocol header -*-all the sources are allowed ---if undefined, all sources are allowed)
Allowedheaders	A list of request headers that can be used during the actual request. This value is used for the access-control-allow-headers information in the pre-test response header. -*-means all header information that is allowed to be requested by the client. ---if undefined, all requests are allowed headers.
Methods	List of HTTP request methods supported by the server side. -*-all methods. ---if undefined, the method defined by the requestmapping annotation is used.
Exposedheaders	A list of response headers that the browser allows clients to access. Set the value in the actual response header access-control-expose-headers. –--if undefined, an empty list of exposed headers is used.
Allowcredentials	It determines whether the browser should contain any cookies related to the request. Cookies are not allowed in-false-. –true– is allowed to carry cookies. – ""-(empty string) means undefined. –--if not defined, all credentials are allowed.
MaxAge	The maximum time, in seconds, for the pre-response cache duration. This value is set in the header's access-control-max-age. –--if not defined, the maximum time is set to 1800 seconds (30 minutes)

2. Global configuration

In Spring Boot 2, the global configuration target can be achieved through the Addcorsmapping method in the replication Webmvcconfigurer.

@ConfigurationPublicClassCorsconfigurationImplementsWebmvcconfigurer {@Override public void addcorsmappings(corsregistry corsregistry) { //allow cross-domain access to resource definitions:/api/all resources Corsregistry.addmapping ("/api/**") //Only allow local 9000 port access. Allowedorigins ("http://localhost:9000", " http://127.0.0.1:9000 ") //Allow cookies to be sent. Allowcredentials (True) //Allow all methods. Allowedmethods (" GET ", "POST", "PUT", "DELETE", "HEAD");}}           

Jackeroo
Links: https://www.jianshu.com/p/840b4f83c3b5
Source: Pinterest
The copyright of the book is owned by the author, and any form of reprint should be contacted by the author for authorization and attribution.

Quick support for Cors cross-domain access in Spring Boot 2