NutzCN Logo
问答 headers中添加允许token,客户端跨域请求问题
发布于 2392天前 作者 qq_9f4a6570 8478 次浏览 复制 上一个帖子 下一个帖子
标签:

定义了一个MyCrossOriginFilter.class,并在Access-Control-Allow-Headers 额外添加了允许"token",客户端ajax请求带有token时有个别接口不支持跨域了,请求不带token就支持跨域。什么原因呢?
另外,两个不同的Control都定义有相同的@At("/campaign/list") url,会影响跨域请求么?

public class MyCrossOriginFilter implements ActionFilter {
	
	private static final Log log = Logs.get();
	protected String origin;
	protected String methods;
	protected String headers;
	protected String credentials;
	
	public MyCrossOriginFilter() {
		this("*", "GET, POST, PUT, DELETE, OPTIONS, PATCH", "Origin, Content-Type, Accept, Authorization, X-Requested-With,token", "true");
	}
	
	public MyCrossOriginFilter(String origin, String methods, String headers, String credentials) {
		this.origin = origin;
		this.methods = methods;
		this.headers = headers;
		this.credentials = credentials;
	}
	
	public View match(ActionContext ac) {
		HttpServletResponse resp = ac.getResponse();
		if (!Strings.isBlank(this.origin)) {
			resp.setHeader("Access-Control-Allow-Origin", this.origin);
		}
		
		if (!Strings.isBlank(this.methods)) {
			resp.setHeader("Access-Control-Allow-Methods", this.methods);
		}
		
		if (!Strings.isBlank(this.headers)) {
			resp.setHeader("Access-Control-Allow-Headers", this.headers);
		}
		
		if (!Strings.isBlank(this.credentials)) {
			resp.setHeader("Access-Control-Allow-Credentials", this.credentials);
		}
		
		if ("OPTIONS".equals(ac.getRequest().getMethod())) {
			if (log.isDebugEnabled()) {
				log.debugf("Feedback -- [%s] [%s] [%s] [%s]", new Object[]{this.origin, this.methods, this.headers, this.credentials});
			}
			
			return new VoidView();
		}

		return null;
	}
}
@IocBean(name = "adsHome")
@Filters({ @By(type = MyActionFilter.class, args = {""})})
@At("ads/home")
public class HomeControl extends BaseController {

	@At("/campaign/list")
	@Ok("json")
	@Filters({@By(type = MyCrossOriginFilter.class)})
	public ReturnObject campaignList() {
		ReturnObject result = new ReturnObject();

		
		return result;
	}
}
@IocBean(name = "adsReport")
@Filters({@By(type = MyActionFilter.class, args = {""})})
@At("ads/report")
public class ReportControl extends BaseController {


    /**
     * 分页列表
     *
     * @param search
     * @return
     */
    @At("/campaign/list")
    @Ok("json")
    @Filters({@By(type = MyCrossOriginFilter.class), @By(type = MyActionFilter.class, args = "")})
    public ReturnObject listCampaignList(@Param("..") CampaignReport search) {
        

        ReturnObject ro = new ReturnObject();
       
        return ro;
    }
}
22 回复

类上的@At不一样啊

两个类啊,会对跨域有影响么?

如果两个类里面的@At没毛病的话。我该怎么解决这个跨域问题呢?因为是把两个类里的@At改成不一样时,就可以跨域了,很奇怪啊这里面

看Chrome的网络请求,看看请求到什么了

这个是不正常的

Request URL: http://xxxx:8505/ads/home/creative/list?_=1528170298736
Request Method: OPTIONS
Status Code: 200 
Remote Address: 180.97.75.148:8505
Referrer Policy: no-referrer-when-downgrade
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0
Date: Tue, 05 Jun 2018 03:42:56 GMT
X-Powered-By: nutz/1.r.63.r3-20171220 <nutzam.com>
Provisional headers are shown
Access-Control-Request-Headers: token
Access-Control-Request-Method: GET
Origin: http://192.168.100.144:4200
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36

这是正常的

Request URL: http://xxxxxx:8505/ads/home/day/total?_=1528170298739
Request Method: OPTIONS
Status Code: 200 
Remote Address: 180.97.75.148:8505
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, Content-Type, Accept, token
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin: *
Content-Length: 0
Date: Tue, 05 Jun 2018 03:42:56 GMT
X-Powered-By: nutz/1.r.63.r3-20171220 <nutzam.com>
Provisional headers are shown
Access-Control-Request-Headers: token
Access-Control-Request-Method: GET
Origin: http://192.168.100.144:4200
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Access-Control-Allow-Headers: Origin, Content-Type, Accept, token
Access-Control-Request-Headers: token

Access-Control-Request-Headers 是哪里来的?

Access-Control-Request-Headers没有地方设置这个,客户端会在headers添加token:xxx 这样的值

Accept: application/json, text/plain, /
Origin: http://192.168.100.144:4200
Referer: http://192.168.100.144:4200/ads/home?token=802141
token: 802141
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36

ads/home/day/total、ads/home/creative/list 这两个接口设置都一样,然后这个ads/home/creative/list 就不行,诡异啊

@Filters配置不一样吧

方法上的@Filters会覆盖类上的@Filters, 而不是附加

我类上面的可以不加@Filters, 全加在方法上?

是覆盖,不是附加.

如果一个类里面的入口方法都带了@Filters, 那这个类上的@Filters就完全没用

嗯,那默认加了也不影响对吧,只要我入口方法都带着,就没毛病?

这样没毛病吧?

@IocBean(name = "adsHome")
@Filters({@By(type = MyCrossOriginFilter.class), @By(type = MyActionFilter.class, args = {""})})
@At("ads/home")
public class HomeControl extends BaseController {

	@GET
	@Ok("json")
	@At("/campaign/list")
	@Filters({@By(type = MyCrossOriginFilter.class), @By(type = MyActionFilter.class, args = {JurisdictionCode.ZCMOBI_ADS_HOME})})
	public ReturnObject campaignList() {
		ReturnObject result = new ReturnObject();

		
		return result;
	}

}

@GET 去掉就好了。。。。

你之前的代码里面没有出现过"@GET"

还可以这样写

	@GET
	@Ok("json")
	@At(value="/campaign/list", methods="OPTIONS")

之前有过@GET,但是有的带有@GET就可以,就这几个不可以。。。

为什么不添加token的时候,一切正常呢? 加了token 就要加methods="OPTIONS"

标注了@GET的入口方法映射的路径, 是不是还有另外一个没有@GET的,但@At相同的入口方法存在, 同一个类

同一个类里面方法是没有重复的

添加回复
请先登陆
回到顶部