通过Filter进行处理
- 增加filter处理器(如果项目中有,可直接复制替换) ```java /**
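* Servlet filter that hands every request to the rest of the chain wrapped in
* {@code XssHttpServletRequestWrapper}, adds a fixed set of CORS response headers,
* and answers OPTIONS requests with 405 instead of forwarding them.
*
* <p>{@code XssHttpServletRequestWrapper} is defined elsewhere; which inputs it
* sanitises (parameters, headers, request body) is not visible here and should be
* confirmed. Request-side filtering complements output encoding in the views, it
* does not replace it.
*
* <p>NOTE(review): because OPTIONS is rejected, browsers cannot complete a CORS
* preflight against this application. Cross-origin requests that need one (for
* example any request carrying the {@code token} header) will be blocked by the
* browser, so the Allow-Headers and Max-Age values below only take effect if
* that rejection is relaxed for trusted origins.
*
* @author XK
*/
@Component
public class XssFilter implements Filter {

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    /**
     * Sets the CORS headers, rejects OPTIONS, and forwards everything else with the
     * request wrapped for XSS filtering.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response; cast to {@code HttpServletResponse}
     * @param chain    remaining filters and the target servlet
     * @throws IOException      if writing the rejection body or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper(httpRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        // Placeholder: set this to the single origin (scheme://host[:port]) that is
        // allowed to call the application cross-origin. The empty value matches no
        // origin. Do not use "*" and do not echo the request's Origin header without
        // checking it against an allow-list.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "");
        // HTTP methods allowed for cross-origin requests; only POST and GET are listed.
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET");
        // Access-Control-Max-Age: how long, in seconds, the browser may cache the CORS result.
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers",
                "Origin, X-Requested-With, Content-Type, Accept,token");

        if ("OPTIONS".equalsIgnoreCase(httpRequest.getMethod())) {
            httpServletResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            // Declare the charset and encode explicitly as UTF-8; the previous
            // getBytes() round trip depended on the JVM's default charset.
            httpServletResponse.setContentType("text/plain;charset=UTF-8");
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            outputStream.write("不安全的请求".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            outputStream.flush();
            // Stop here: without this return the rejected request was still passed
            // down the chain and processed after the 405 had been committed.
            return;
        }

        chain.doFilter(xssRequest, httpServletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }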
} ```