解决前后端分离后的Cookie跨域问题

时间:2022-08-28 12:02:11

 

一. 前端Ajax关键配置

$.ajax({
  type: "post",
  url: xxx,
  data: xxx,
  contentType: 'application/json',
  dataType: "json",
xhrFields: {
 withCredentials: true
 },

  success: function (data) {
  }
})

 

二、后端过滤器关键配置

  //解决Cookie跨域问题
  response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
  response.setHeader("Access-Control-Allow-Credentials", "true");
  response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  response.setHeader("Access-Control-Allow-Methods","GET, POST, PUT, DELETE");

//解决 Content-Type:application/json 时跨域设置失败问题
if("OPTIONS".equals(request.getMethod())) {
//放行OPTIONS请求
      filterChain.doFilter(request, response);
return;
  }

 

注意:

  • "Access-Control-Allow-Origin" 不能设置成 "*"
  • 当 Content-Type 为 application/json 时,Ajax实际会发两次请求,第一次是一个OPTIONS请求,这时过滤器一定得放开

  

 

标签:

相关文章