Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight respon
Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight respon
IT云清
发布于 2021-12-06 14:30:52
发布于 2021-12-06 14:30:52
文章被收录于专栏:IT云清
设置下Access-Control-Allow-Headers
@Component
@WebFilter
public class CorsFilter implements Filter {
private final static String SPLIT = ";";
@Value("${roc.allow.origins:http://aa.aa.cn:8088}")
private String allowOrigins ;
private List<String> allows = null;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
if (allowOrigins.contains(SPLIT)) {
allows = Arrays.asList(allowOrigins.split(SPLIT).clone());
} else {
allows.add(allowOrigins);
}
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
String origin = request.getHeader("Origin");
if (allows.contains(origin)) {
response.setHeader("Access-Control-Allow-Origin",origin);
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,x-xsrf-token,x-csrf-token,If-Modified-Since,Cache-Control,Content-Type, X-Custom-Header, Access-Control-Expose-Headers, Token, Authorization");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Expires", "-1");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("pragma", "no-cache");
if ("OPTIONS".equals(request.getMethod())){
response.setStatus(HttpStatus.SC_OK);
return;
}
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2021/10/09 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
