Spring cloud-solutions for front-end cross-domain issues

Blog Original: http://blog.csdn.net/liuchuanhong1/article/details/62236793

When we need to provide the spring boot to the external service in the way of restful interface, if this time the architecture is separated from the front and back, then it will involve cross-domain problem, how to solve the cross-domain problem, the following to explore the next issue.

Solution One: Add @crossorigin annotations on the controller

Use the following methods:

@CrossOrigin//Annotation Method@RestController Public classHandlerscancontroller {@CrossOrigin (allowcredentials="true", allowedheaders="*", methods={requestmethod.get, requestmethod.post, Requestmethod.delete, Requestmethod.options, Request Method.head, Requestmethod.put, Requestmethod.patch}, Origins="*") @PostMapping ("/confirm")       PublicResponse Handler (@RequestBody Request JSON) {return NULL; }  }  

Solution Two: Global configuration

The code is as follows:

@Configuration Public classmyconfiguration {@Bean Publicwebmvcconfigurer Corsconfigurer () {return NewWebmvcconfigureradapter () {@Override Public voidaddcorsmappings (Corsregistry registry) {registry.addmapping ("/**"). Allowcredentials (true). Allowedmethods ("GET");          }              }; }      }  

Solution Three: Use with filter
In the main class of spring boot, add a Corsfilter

/** * * * attention: Simple cross-domain is the get,head and post request, but the "content-type" of the POST request can only be application/x-www-form-urlencoded, Multipar T/form-data or Text/plain * Conversely, is a non-simple cross-domain, this cross-domain has a preflight mechanism, said straightforward point, is to send two requests, an options request, a real request*/@Bean PublicCorsfilter Corsfilter () {final Urlbasedcorsconfigurationsource source=NewUrlbasedcorsconfigurationsource (); Final Corsconfiguration config=Newcorsconfiguration (); Config.setallowcredentials (true);//allow cookies across domainsConfig.addallowedorigin ("*");//#允许向该服务器提交请求的URI, * indicates all allow, in Springmvc, if set to *, will automatically turn to Origin in the current request headerConfig.addallowedheader ("*");//#允许访问的头信息, * indicates allConfig.setmaxage (18000L);//the cache time (in seconds) of the preflight request, which is no longer pre-checking for the same cross-domain request for the same time periodConfig.addallowedmethod ("OPTIONS");//the method that allows the request to be submitted, * indicates all allowedConfig.addallowedmethod ("HEAD"); Config.addallowedmethod ("GET");//request method to allow getConfig.addallowedmethod ("PUT"); Config.addallowedmethod ("POST"); Config.addallowedmethod ("DELETE"); Config.addallowedmethod ("PATCH"); Source.registercorsconfiguration ("/**", config); return Newcorsfilter (source); }  

Of course, if there are many microservices, it is necessary to add such a piece of code to the main class of each service, which violates the dry principle, and a better approach is to solve the cross-domain problem at the gateway layer of Zuul once and for all.

For more information on front-end cross-domain, refer to: http://www.ruanyifeng.com/blog/2016/04/cors.html

Spring cloud-solutions for front-end cross-domain issues