设置下Access-Control-Allow-Headers
代码语言:javascript复制@Component
@WebFilter
public class CorsFilter implements Filter {
private final static String SPLIT = ";";
@Value("${roc.allow.origins:http://aa.aa.cn:8088}")
private String allowOrigins ;
private List<String> allows = null;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
if (allowOrigins.contains(SPLIT)) {
allows = Arrays.asList(allowOrigins.split(SPLIT).clone());
} else {
allows.add(allowOrigins);
}
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
String origin = request.getHeader("Origin");
if (allows.contains(origin)) {
response.setHeader("Access-Control-Allow-Origin",origin);
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,x-xsrf-token,x-csrf-token,If-Modified-Since,Cache-Control,Content-Type, X-Custom-Header, Access-Control-Expose-Headers, Token, Authorization");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Expires", "-1");
response.setHeader("Cache-Control", "no-cache");
response.setHeader("pragma", "no-cache");
if ("OPTIONS".equals(request.getMethod())){
response.setStatus(HttpStatus.SC_OK);
return;
}
}
chain.doFilter(req, res);
}
@Override
public void destroy() {
}
}
