1.使用@CrossOrigin注解

在Controller上添加@CrossOrigin注解,这个注解也可以单独使用到接口上面.

2.通过配置类解决跨域

编写一个WebConfig类,在其中增加跨域配置

@Configuration
public class WebConfig implements WebMvcConfigurer {


    @Autowired
    private AuthorityInterceptor authorityInterceptor;

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowCredentials(true)
                .allowedMethods("GET", "POST", "DELETE", "PUT")
                .maxAge(3600);
    }
}

需要注意一点response.setHeader("Access-Control-Allow-Credentials", "true")这个情况下,不能直接将Access-Control-Allow-Origin设置为*

3.配置Filter,主要解决浏览器的预请求

编写一个Filter类继承自OncePerRequestFilter
重写doFilterInternal()方法

@Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
        /*
         * 跨域问题的设置
         */
        String option = "OPTIONS";
        if (option.equals(request.getMethod())) {
            log.info("浏览器的预请求的处理..");
            response.setContentType("application/json; charset=utf-8");
            response.setCharacterEncoding("UTF-8");
            response.setHeader("Access-Control-Allow-Origin",request.getHeader("origin"));
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET,PUT, OPTIONS, DELETE,HEAD");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Accept, token,Origin, No-Cache, X-Requested-With, If-Modified-Since,authorization,Pragma, Last-Modified, Cache-Control, Expires, Authorization,Token");
            return;
        } else {
            String requestURI = request.getRequestURI();
            log.info("requestURI:{}", requestURI);
        }
}

Github源码https://github.com/Panghu98/crossorigin/blob/master/README.md