CORS cross-domain principle
Cross-domain resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to allow a web application running on one origin (domain) to access specified resources from a server at a different origin. When a resource requests another resource from a domain or port different from that of the server it was itself served from, it makes a cross-domain HTTP request.
The CORS mechanism lets web application servers control cross-domain access so that cross-domain data transfers are secure. Modern browsers support CORS in API containers such as XMLHttpRequest or Fetch to reduce the risk associated with cross-domain HTTP requests.
Cross-domain configuration file CorsConfig
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.*;

/**
 * @version 1.0
 * @classname CorsConfig
 * @description To solve cross-domain problems, override the interface provided by the parent class to handle cross-domain requests
 * @date 2021/2/23 22:06
 * @created by MelodyJerry
 */
@Configuration
@EnableWebMvc
//public class CorsConfig implements WebMvcConfigurer { // switch to this declaration if "No mapping for GET" appears
public class CorsConfig extends WebMvcConfigurationSupport {

    /**
     * Override the addCorsMappings method in order to solve the cross-domain problem
     */
    @Override
//    public void addCorsMappings(CorsRegistry registry) { // when the console reports "No mapping for GET", use this signature instead
    protected void addCorsMappings(CorsRegistry registry) {
        // Set the path allowed across domains
        registry.addMapping("/**") // all request paths of this site support cross-domain access
                // Set the domains allowed to make cross-domain requests. Choose either allowedOrigins or allowedOriginPatterns
//                .allowedOrigins("*") // Access-Control-Allow-Origin: "*"
//                .allowedOrigins("domain name") // localhost is hard to configure, because the external domain in a cross-domain request may resolve to localhost, 127.0.0.1, or the host name
                .allowedOriginPatterns("*") // all external domains may access across domains
                // Which HTTP methods (request modes) are allowed
                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
                // Set the allowed headers
                .allowedHeaders("*")
                // Which headers to expose (because cross-domain access does not get all headers by default)
                .exposedHeaders("access-control-allow-headers", "access-control-allow-methods", "access-control-allow-origin", "access-control-max-age", "X-Frame-Options")
                // Whether to allow credentials (whether to support cross-domain user credentials), no longer enabled by default
                .allowCredentials(true)
                // How long, in seconds, the cross-domain permission stays valid
                .maxAge(3600);
    }

    /**
     * Cause: the built-in interface of Swagger is blocked by the interceptor, and Swagger needs to be added to the exclusion list of interceptors.
     * @param registry
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("swagger-ui.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("doc.html")
                .addResourceLocations("classpath:/META-INF/resources/");
        registry.addResourceHandler("/webjars/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/");
    }
}
Problems you may encounter
(1) .allowedMethods("*")
.allowedMethods("*") and Access-Control-Allow-Origin are configured at the same time.
When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
In this case, there are two solutions, and the second one is recommended:
- .allowedOrigins("domain name")
- .allowedOriginPatterns("*") (recommended)
(2) The error o.s.web.servlet.PageNotFound: No mapping for GET
If the console shows the message o.s.web.servlet.PageNotFound: No mapping for GET, the solution is simple: change extends WebMvcConfigurationSupport to implements WebMvcConfigurer (and correspondingly change protected void addCorsMappings to public void addCorsMappings).
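With allowCredentials(true), allowedOriginPatterns("*") makes Spring echo back whatever Origin the request carries, so every site may make credentialed requests and read the responses. The following is an added example, not code from the original post, of the first solution in item (1): trusted origins are listed explicitly. The class name, the origins and the /api/** path are constructed placeholders.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class RestrictedCorsConfig implements WebMvcConfigurer {

    // Constructed placeholder origins: replace with the front ends that really call this API.
    // An origin is scheme + host + port, so http:// and https:// variants are different entries.
    private static final String[] TRUSTED_ORIGINS = {
            "https://app.example.com",
            "https://admin.example.com"
    };

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // Weak form, for comparison (kept commented out):
        //   registry.addMapping("/**").allowedOriginPatterns("*").allowCredentials(true);
        // Any Origin matches "*", is reflected into Access-Control-Allow-Origin,
        // and is sent together with Access-Control-Allow-Credentials: true.

        registry.addMapping("/api/**")              // only the API paths (assumed prefix), not the whole site
                // Exact matches only; a request from any other Origin gets no CORS headers,
                // so the browser refuses to hand the response to the calling page.
                .allowedOrigins(TRUSTED_ORIGINS)
                // For a family of subdomains, a narrow pattern can be used instead of "*":
                //   .allowedOriginPatterns("https://*.example.com")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                // Name the request headers the front end actually sends instead of "*"
                .allowedHeaders("Content-Type", "Authorization")
                // Cookies and Authorization headers are accepted from the listed origins only
                .allowCredentials(true)
                // Browsers may cache the preflight result for one hour
                .maxAge(3600);
    }
}
```

Because the class implements WebMvcConfigurer and declares addCorsMappings as public, it also has the shape that item (2) switches to.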
Swagger cannot be accessed after deploying behind Nginx
Two methods are provided, and the first one is preferred
(1) Add the configuration directly to the .yml configuration file
springfox:
  documentation:
    swagger:
      v2:
        host: ip:8080
(2) The Nginx proxy forwards swagger-ui.html related paths
location /swagger-ui.html {
    proxy_pass http://ip:port;
    index index.html index.htm;
}
location /webjars {
    proxy_pass http://ip:port;
    index index.html index.htm;
}
location /swagger-resources {
    proxy_pass http://ip:port;
    index index.html index.htm;
}
location /v2 {
    proxy_pass http://ip:port;
    index index.html index.htm;
}