gateway实现CORS跨域
1. 通过配置类统一处理
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.web.cors.reactive.CorsUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
/**
* 跨域配置
*
**/
@Configuration
public class CorsConfig {
@Bean
public WebFilter corsFilter() {
return (ServerWebExchange ctx, WebFilterChain chain) -> {
ServerHttpRequest request = ctx.getRequest();
if (CorsUtils.isCorsRequest(request)) {
HttpHeaders requestHeaders = request.getHeaders();
ServerHttpResponse response = ctx.getResponse();
HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
HttpHeaders headers = response.getHeaders();
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS,
requestHeaders.getAccessControlRequestHeaders());
if (requestMethod != null) {
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
}
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
if (request.getMethod() == HttpMethod.OPTIONS) {
response.setStatusCode(HttpStatus.OK);
return Mono.empty();
}
}
return chain.filter(ctx);
};
}
}
2.通过配置文件
properties
## 解决options请求被拦截问题
spring.cloud.gateway.globalcors.add-to-simple-url-handler-mapping=true
## 允许哪些网站的跨域请求 allowedOrigins: “*” 允许所有网站
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedOrigins[0]=http://localhost:8001
## 允许的跨域ajax的请求方式
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods[0]=GET
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods[1]=POST
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods[2]=DELETE
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods[3]=PUT
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedMethods[4]=OPTIONS
# 允许在请求中携带的头信息
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowedHeaders=*
# 是否允许携带cookie
spring.cloud.gateway.globalcors.corsConfigurations.[/**].allowCredentials=true
# 这次跨域检测的有效期
spring.cloud.gateway.globalcors.corsConfigurations.[/**].maxAge=360000
yaml
spring:
cloud:
gateway:
globalcors: # 全局的跨域处理
add-to-simple-url-handler-mapping: true # 解决options请求被拦截问题
corsConfigurations:
'[/**]':
allowedOrigins: # 允许哪些网站的跨域请求 allowedOrigins: “*” 允许所有网站
- "http://localhost:8001"
allowedMethods: # 允许的跨域ajax的请求方式
- "GET"
- "POST"
- "DELETE"
- "PUT"
- "OPTIONS"
allowedHeaders: "*" # 允许在请求中携带的头信息
allowCredentials: true # 是否允许携带cookie
maxAge: 360000 # 这次跨域检测的有效期
参考: https://docs.spring.io/spring-cloud-gateway/docs/current/reference/html/#global-cors-configuration