Springmvc+angularjs cross-domain scenarios with cors

What are cross-domain request issues?

The problem stems from the fact that modern browsers, by default, block cross-domain AJAX requests based on security reasons, which are a must-have feature in modern browsers, but are often inconvenient for development.

But cross-domain requirements have always been, in order to cross-domain, industrious and courageous program apes have come up with a lot of methods, such as JsonP, proxy files and so on. However, these practices add a lot of unnecessary maintenance costs, and there are many limitations to scenarios, such as JSONP is not xhr, so JSONP can only use get to pass parameters.

In mobile applications today, the blessing of HTML5, mobile Web, and even the Hybird app is also gradually fire up, in the local file system Web page, there is need to obtain external data requirements, and these requirements are necessarily cross-domain. At the same time, HTML5 comes with a new feature called "Cross-origin Resource sharing", which gives developers the power to determine whether resources are allowed to be accessed across domains.

How to solve?
Cors,crossorigin resources sharing, also known as cross-origin resource sharing, is a feature of HTML5, which defines a way for browsers and server interactions to determine whether cross-domain requests are allowed.

The server adds a special Header[access-control-allow-origin] to inform the client of the cross-domain restrictions, if the browser supports cors, if you judge Origin through, it will allow XHR to make the request, You do not need to use JSONP or proxy files.

Use this header to return the source domain that is allowed to request cross-domain requests, such as Web site duelist.cn set the following header
Access-control-allow-origin:http://smdcn.net
After this setting, through the page under Http://smdcn.net for duelist.cn Ajax request will be allowed, and other sites on duelist.cn will still be blocked, in this way the site owner can restrict this.

Of course, if you don't want to restrict the source, you can
Access-control-allow-origin: *
To allow any site to cross-domain requests for that resource

Solutions under SPRINGMVC:

Define Simplecorsfilter

Importjava.io.IOException;ImportJavax.servlet.Filter;ImportJavax.servlet.FilterChain;ImportJavax.servlet.FilterConfig;Importjavax.servlet.ServletException;Importjavax.servlet.ServletRequest;ImportJavax.servlet.ServletResponse;ImportJavax.servlet.http.HttpServletResponse;Importorg.springframework.stereotype.Component; @Component Public classSimplecorsfilterImplementsFilter { Public voidDoFilter (servletrequest req, servletresponse Res, filterchain chain)throwsIOException, servletexception {httpservletresponse response=(HttpServletResponse) res; Response.setheader ("Access-control-allow-origin", "*"); Response.setheader ("Access-control-allow-methods", "POST, GET, OPTIONS, DELETE"); Response.setheader ("Access-control-max-age", "3600"); Response.setheader ("Access-control-allow-headers", "X-requested-with");    Chain.dofilter (req, res); }     Public voidInit (Filterconfig filterconfig) {} Public voiddestroy () {}}

Xml:

    <Filter>      <Filter-name>Cors</Filter-name>      <Filter-class>Com.app.filter.SimpleCORSFilter</Filter-class>    </Filter>    <filter-mapping>      <Filter-name>Cors</Filter-name>      <Url-pattern>/*</Url-pattern>    </filter-mapping>

Angularjs-Side code:

$http ({method:"POST", URL:"Http://localhost:8080/eifs/usr/login.json", data: {para1:"Para1", Para2: "Para2"}, headers: {' Content-type ': ' application/x-www-form-urlencoded '}}). Success (function(data) {}). Error (function(data) {}); $http. Get (' Http://localhost:8080/eifs/usr/login.json ', {params:{para1: "Para1", Para2: "Para2"},timeout:10000}). Success (function(data, status, headers, config) {}). Error (function(data, status, headers, config) {});

Reference:

Spring guide:https://spring.io/guides/gs/rest-service-cors/

Springmvc+angularjs cross-domain scenarios with cors