org.ebaysf.web的cors-filter使用,cors-filter跨域请求,Springboot CORS跨域
================================
©Copyright 蕃薯耀 2020-11-26
http://fanshuyao.iteye.com/
cors-filter为第三方(ebay)组件。
一、官网地址
https://github.com/ebay/cors-filter
二、Springboot使用cors-filter
1、引入依赖
<dependency>
<groupId>org.ebaysf.web</groupId>
<artifactId>cors-filter</artifactId>
<version>1.0.1</version>
</dependency>
2、配置类
import javax.servlet.Filter;
import org.ebaysf.web.cors.CORSFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 过滤器配置类
*/
@Configuration
public class HttpFilterConfig {
/**
* org.ebaysf.web cors-filter
* @return
*/
@Bean
public FilterRegistrationBean<Filter> corsFilter() {
FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
registration.setFilter(new CORSFilter());//org.ebaysf.web.cors.CORSFilter
//这个可直接不配置
//Defaults: true
registration.addInitParameter("cors.support.credentials", "true");
//这个可直接不配置
//Defaults: * (Any origin is allowed to access the resource).
registration.addInitParameter("cors.allowed.origins", "http://127.0.0.1:7010");
//这个可直接不配置
//Defaults: GET,POST,HEAD,OPTIONS
registration.addInitParameter("cors.allowed.methods", "GET,POST");
//这个可直接不配置
// Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
registration.addInitParameter("cors.allowed.headers", "*");
//这个可直接不配置
//Default: None
registration.addInitParameter("cors.exposed.headers", "");
//这个可直接不配置
//Defaults: 1800。3600表示一个小时
registration.addInitParameter("cors.preflight.maxage", "3600");
//这个可直接不配置
//A flag to control logging to container logs. Defaults: false
registration.addInitParameter("cors.logging.enabled", "true");
//这个可直接不配置
//A flag to control if the request should be decorated or not. Defaults: true
registration.addInitParameter("cors.request.decorate", "true");
registration.setName("CORSFilter"); //过滤器名称
registration.addUrlPatterns("/*");//过滤路径
registration.setOrder(1); //设置顺序
return registration;
}
}
三、Spring Web应用使用cors-filter
1、引入Jar包,放在项目的/WEB-INF/lib/目录下
cors-filter-1.0.1.jar
下载地址:
https://repo1.maven.org/maven2/org/ebaysf/web/cors-filter/1.0.1/cors-filter-1.0.1.jar
2、在WEB-INF/web.xml配置过滤器
<filter>
<filter-name>CORS Filter</filter-name>
<filter-class>org.ebaysf.web.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
四、参数
cors.allowed.origins
A list of origins that are allowed to access the resource. A '*' can be specified to enable access to resource from any origin. Otherwise, a whitelist of comma separated origins can be provided. Ex: http://www.w3.org, https://www.apache.org. Defaults: * (Any origin is allowed to access the resource).
cors.allowed.methods
A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will also be included as part of 'Access-Control-Allow-Methods' header in a pre-flight response. Ex: GET,POST. Defaults: GET,POST,HEAD,OPTIONS
cors.allowed.headers
A comma separated list of request headers that can be used when making an actual request. These header will also be returned as part of 'Access-Control-Allow-Headers' header in a pre-flight response. Ex: Origin,Accept. Defaults: Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
cors.exposed.headers
A comma separated list of headers other than the simple response headers that browsers are allowed to access. These are the headers which will also be included as part of 'Access-Control-Expose-Headers' header in the pre-flight response. Ex: X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG. Default: None
cors.preflight.maxage
The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of 'Access-Control-Max-Age' header in the pre-flight response. A negative value will prevent CORS Filter from adding this response header from pre-flight response. Defaults: 1800
cors.support.credentials
A flag that indicates whether the resource supports user credentials. This flag is exposed as part of 'Access-Control-Allow-Credentials' header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. Defaults: true
cors.logging.enabled
A flag to control logging to container logs. Defaults: false
cors.request.decorate
A flag to control if the request should be decorated or not. Defaults: true
To override filter configuration defaults, specify them in the init-params while configuring the filter in web.xml. Example:
参数配置示例(Xml)
<filter>
<filter-name>CORS Filter</filter-name>
<filter-class>org.ebaysf.web.cors.CORSFilter</filter-class>
<init-param>
<description>A comma separated list of allowed origins. Note: An '*' cannot be used for an allowed origin when using credentials.</description>
<param-name>cors.allowed.origins</param-name>
<param-value>http://localhost:8080,http://localhost.ebay.com:8080</param-value>
</init-param>
<init-param>
<description>A comma separated list of HTTP verbs, using which a CORS request can be made.</description>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<description>A comma separated list of allowed headers when making a non simple CORS request.</description>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<description>A comma separated list non-standard response headers that will be exposed to XHR2 object.</description>
<param-name>cors.exposed.headers</param-name>
<param-value></param-value>
</init-param>
<init-param>
<description>A flag that suggests if CORS is supported with cookies</description>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>A flag to control logging</description>
<param-name>cors.logging.enabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<description>Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.</description>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring CORS跨域请求解决方案总结:(建议采用方案1)
1、springboot CORS 跨域请求解决三大方案,springboot CorsFilter解决跨域问题
https://www.iteye.com/blog/fanshuyao-2517777
2、cors-filter使用,cors-filter解决跨域访问,cors-filter跨域请求
https://www.iteye.com/blog/fanshuyao-2517803
3、org.ebaysf.web的cors-filter使用,cors-filter跨域请求
https://www.iteye.com/blog/fanshuyao-2517820
4、java tomcat-catalina CorsFilter使用,apache tomcat-catalina CorsFilter使用
https://www.iteye.com/blog/fanshuyao-2517821
5、springboot jsonp 跨域请求,springboot使用jsonp跨域
https://www.iteye.com/blog/fanshuyao-2517789
================================
©Copyright 蕃薯耀 2020-11-26
http://fanshuyao.iteye.com/
相关推荐
Tomcat作为一款广泛使用的Java Web服务器,提供了一种方式来处理跨域请求,这就是我们今天要讨论的“cors-filter”jar包。 标题中的“cors-filter-1.7.jar”,“cors-filter-2.5.jar”和“cors-filter-2.10.jar”是...
总结来说,`java-property-utils-1.9.jar`和`cors-filter-1.7.jar`这两个jar包结合使用,可以方便地在Tomcat服务器上实现跨域资源共享。它们通过提供动态配置和CORS过滤器的功能,帮助开发者克服同源策略带来的障碍...
了解并正确配置这些参数,可以确保你的Web应用支持安全、灵活的CORS跨域访问。在实际应用中,根据安全性和功能需求,你可能需要调整上述配置,例如限制允许的源,或者特定的HTTP方法。参考提供的链接...
在现代Web开发中,跨域资源共享(CORS)是一个重要的概念,它允许浏览器在不同源之间发送Ajax请求。Spring框架提供了灵活的解决方案来处理跨域请求。本篇将详细讲解如何利用Spring解决跨域问题,以及如何使用`cors-...
总结来说,“cors-filter-1.7.jar”提供了跨域请求的支持,使得JasperServer可以被多个Web应用安全调用;而“java-property-utils-1.9.jar”则为处理和管理JasperServer的配置文件提供了便利。在实际开发和部署...
`cors-filter-1.7.jar` 是一个专门处理CORS过滤的Java过滤器,它使得Tomcat服务器能够支持跨域请求。这个jar包提供了对CORS头的管理,使开发者可以设置允许哪些源进行跨域请求,以及控制请求方法、头部、缓存策略等...
总结来说,"cors-filter-1.7.jar"和"java-property-utils-1.9.jar"在Geoserver的CORS跨域资源访问配置中起到关键作用,前者处理跨域请求,后者则为配置提供便利。了解这些知识点对于构建高效、安全的跨域Web应用至关...
如果Cesium无法显示tomcat发布的瓦片,则需要对Tomcat做跨域处理,做法如下: 首先下载cors-filter-2.5.jar和java-property-utils-1.9.1
`cors-filter-1.7.1.jar` 提供的过滤器能够方便地处理这些步骤,开发者只需要在Web应用的配置文件中添加相应的过滤器配置,就可以轻松实现跨域请求。例如,在Spring的`web.xml`中,你可以这样配置: ```xml <filter...
标题中的“cors-filter-2.5.jar”是一个Java Web应用程序使用的库,专门用于处理跨域资源共享(CORS)的问题。CORS是一种机制,允许Web应用通过浏览器从不同源(即非同源策略允许的源)获取资源,以克服浏览器的同源...
CORS Filter是处理跨域请求的一种解决方案,它作为一个Servlet Filter在Tomcat这样的Web服务器上运行。当浏览器发送跨域请求时,CORS Filter会检查请求头中的`Origin`字段,并根据配置决定是否允许这次请求。如果...
Tomcat设置跨域访问,cors-filter最新版本
这两个库的结合使用,通常意味着一个Web应用程序在处理跨域请求的同时,也需要灵活地管理其配置信息。CORS Filter确保了前端和后端之间的通信不受同源策略限制,而Java Property Utils则帮助开发者有效地管理和维护...
标题中的“tomcat跨域cors相关jar包 cors-filter-1.7.jar和java-property-utils-1.9.jar”指的是在Apache Tomcat服务器上处理跨域请求时所用到的两个关键库。CORS(Cross-Origin Resource Sharing)是现代Web应用...
最全面关于J2EE跨域资源共享的解决方案以及所需要依赖的Jar包,cors-filter-1.7.jar,java-property-utils-1.9.jar, tomcat配置方法连接 http://bsxsb.com/index.php/2015/08/07/tomcat下通过cors实现跨域配置/
具体使用CORS-filter-1.7.jar时,开发者需要在Web应用的web.xml配置文件中定义一个过滤器,设置允许的源、请求方法、暴露的头部等参数。例如: ```xml <filter> <filter-name>CORSFilter</filter-name> <filter-...
标题中的"cors-filter-1.7.jar"就是与CORS相关的Java过滤器,它帮助服务器处理来自不同源的请求,以实现跨域访问。这个jar包是ArcGIS Server 10.2在处理跨域请求时所需的一个组件。 ArcGIS Server是一款强大的地理...
1. **配置CORS过滤器**:在`web.xml`中添加`<filter>`和`<filter-mapping>`,并将`CorsFilter`类绑定到所有请求或特定请求路径。 2. **定义CORS策略**:配置过滤器时,需要指定允许的源(Origins)、允许的方法...
总的来说,理解和掌握ArcGIS Server的跨域配置以及CORS-filter和java-property-utils的使用,对于开发基于ArcGIS Server的Web GIS应用至关重要。通过这样的配置,开发者可以构建更加灵活、交互性强的Web应用程序,为...