跨域问题
host和origin 不一致导致的跨域
前台请求后端接口 ,host和origin的ip/域名 不一致导致跨域
接口提供方配置 allow-origin 和skip-referer 为origin 的ip或域名,解决
自定义header参数导致的跨域
跨域提示
No 'Access-Control-Allow-Origin' header is present on the requested resource.
搜索后好到如下提示
浏览器在发送带有自定义的请求头时,
浏览器会先向服务器发送OPTIONS预检请求,
探测该请求服务端是否允许自定义跨域字段.如果允许,则继续执行请求
突然想到接口访问时要在header中加自定义参数x-authenticated-clientid
且request header 中有这行
Access-Control-Request-Headers: x-authenticated-clientid
百度方案:https://www.mk2048.com/blog/blog_h12cjjjjai1aa.html
https://blog.csdn.net/badboyer/article/details/51261083
web.xml修改过滤器
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>Accept, Origin,
X-Requested-With, Content-Type, Last-Modified, x-authenticated-clientid
</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>X-Test-1,
X-Test-2
</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
supportedMethods加入OPTIONS
supportedHeaders 中加入 x-authenticated-clientid