spring|spring cloud gateway跨域全局CORS配置方式
在Spring 5 Webflux中,配置CORS,可以通过自定义WebFilter实现:
注:此种写法需真实跨域访问,监控header中才会带相应属性。
代码实现方式
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.web.cors.reactive.CorsUtils; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilterChain; import org.springframework.http.HttpMethod; import reactor.core.publisher.Mono; import static org.springframework.web.cors.CorsConfiguration.ALL; public class XXXApplication{public static void main(String[] args) {SpringApplication.run(XXXApplication.class, args); }private static final String MAX_AGE = "18000L"; @Beanpublic WebFilter corsFilter() {return (ServerWebExchange ctx, WebFilterChain chain) -> {ServerHttpRequest request = ctx.getRequest(); if (!CorsUtils.isCorsRequest(request)) {return chain.filter(ctx); }HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) {headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); }headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) {response.setStatusCode(HttpStatus.OK); return Mono.empty(); }return chain.filter(ctx); }; }}
配置实现方式 网上还提到一种配置写法,实测好用:
spring:cloud:gateway:globalcors:corsConfigurations:'[/**]':allowedOrigins: "*"allowedMethods: "*"allowedHeaders: "*"
springcloud gateway 跨域的解决 springcloud gateway提供的自带的跨域过滤器有问题,前端还是会报跨域。zuul不会有这个问题。调试发现主要是游览器发送嗅探请求(OPTIONS)时,没有返回跨域的响应头,从而游览器报跨域问题。
验证
由于springcloud gateway为webflux与zuul不一样,同一个服务,采用spring内置的跨域过滤器,zuul可以通过而gateway报错。具体配置如下:
1、gateway跨域配置
spring:cloud:gateway:globalcors:cors-configurations:'[/**]':# 允许携带认证信息# 允许跨域的源(网站域名/ip),设置*为全部# 允许跨域请求里的head字段,设置*为全部# 允许跨域的method, 默认为GET和OPTIONS,设置*为全部# 跨域允许的有效期allow-credentials: trueallowed-origins: '*'allowed-headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-Withallowed-methods: '*'exposed-headers: Content-Type,Content-Length, Authorization, Accept,X-Requested-Withmax-age: 3600
此配置无效,前端还是会报跨域问题,主要是前端发送OPTIONS请求时没有返回跨域信息
2、zuul网关或者其它微服务servlet 向容器中注入跨域过滤器
import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.core.Ordered; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; /** * @author ZhouChuGang * @version 1.0 * @project langangkj-commonm * @date 2020/5/4 12:24 * @Description 跨域过滤器配置 */@Slf4j@configuration@ConditionalOnMissingBean(CorsFilter.class)@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)public class CorsFilterConfiguration {public CorsFilterConfiguration() {log.info("==========注入跨域过滤器============="); }@Bean("corsFilter")public CorsFilter corsFilter() {UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); // #允许向该服务器提交请求的URI,*表示全部允许config.addAllowedOrigin(CorsConfiguration.ALL); // 允许cookies跨域config.setAllowCredentials(true); // #允许访问的头信息,*表示全部config.addAllowedHeader(CorsConfiguration.ALL); // 允许提交请求的方法,*表示全部允许config.addAllowedMethod(CorsConfiguration.ALL); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); }@Autowired@Qualifier("corsFilter")private CorsFilter corsFilter; /*** 配置跨域过滤器*/@Beanpublic FilterRegistrationBeancorsFilterRegistration() {FilterRegistrationBean registration = new FilterRegistrationBean<>(); registration.setFilter(corsFilter); registration.addUrlPatterns("/*"); registration.setName("corsFilter"); registration.setOrder(Ordered.HIGHEST_PRECEDENCE); return registration; }}
此方案可以完美解决跨域问题。但是springcloud gateway 不是servlet 规范。
解决方案
1、gateway后面的微服务实现跨域 跨域由网关后面的服务实现。
2、实现一个过滤器,来做跨域允许 需要在响应头中加入以下信息
# 这个为请求头中的 originadd_header 'Access-Control-Allow-Origin' '$http_origin' ; add_header 'Access-Control-Allow-Credentials' 'true' ; add_header 'Access-Control-Allow-Methods' 'PUT,POST,GET,DELETE,OPTIONS' ; add_header 'Access-Control-Allow-Headers' 'Content-Type,Content-Length,Authorization,Accept,X-Requested-With' ;
3、采用nginx做代理,配置跨域响应头。(强烈推荐) 请求先到nginx,nginx再去请求gateway, 由nginx添加跨域响应头
add_header 'Access-Control-Allow-Origin' '$http_origin' ; add_header 'Access-Control-Allow-Credentials' 'true' ; add_header 'Access-Control-Allow-Methods' 'PUT,POST,GET,DELETE,OPTIONS' ; add_header 'Access-Control-Allow-Headers' 'Content-Type,Content-Length,Authorization,Accept,X-Requested-With' ;
这里本人为了方便,采用第3中方案,测试完美解决!
【spring|spring cloud gateway跨域全局CORS配置方式】以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。
推荐阅读
- Activiti(一)SpringBoot2集成Activiti6
- SpringBoot调用公共模块的自定义注解失效的解决
- 解决SpringBoot引用别的模块无法注入的问题
- 2018-07-09|2018-07-09 Spring 的DBCP,c3p0
- spring|spring boot项目启动websocket
- Spring|Spring Boot 整合 Activiti6.0.0
- Spring集成|Spring集成 Mina
- springboot使用redis缓存
- Spring|Spring 框架之 AOP 原理剖析已经出炉!!!预定的童鞋可以识别下发二维码去看了
- Spring|Spring Boot之ImportSelector