springcloud gateway解决跨域问题
2024-08-26 08:47:18
/**
* 跨域允许
*/
@Configuration
public class CorsConfig { @Bean
public WebFilter corsFilter() {
return (ServerWebExchange ctx, WebFilterChain chain) -> {
ServerHttpRequest request = ctx.getRequest();
if (CorsUtils.isCorsRequest(request)) {
ServerHttpResponse response = ctx.getResponse();
HttpHeaders headers = response.getHeaders();
headers.set(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
if (request.getMethod() == HttpMethod.OPTIONS) {
response.setStatusCode(HttpStatus.OK);
return Mono.empty();
}
}
return chain.filter(ctx);
};
}
}
参考博客:https://blog.csdn.net/a294634473/article/details/90715903
以上只是简单的处理,如果再网关和后端都进行了跨域配置,在返回的请求头中可能包含多个跨域的信息,那样同样会让请求出现异常,所以在上面的处理后,要将重复的跨域头信息给删除掉
在高一点的springcloud gateway中包含了DedupeResponseHeaderGatewayFilterFactory,可以进行过滤,如果低版本,没有这个类,自行从高版本中拷贝过来作为一个实现类,然后添加上配置
- DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin Access-Control-Allow-Methods Access-Control-Allow-Headers Vary
附件代码:
GwCorsFilter.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.util.pattern.PathPatternParser; @Configuration
public class GwCorsFilter { @Bean
public CorsWebFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // 允许cookies跨域
config.addAllowedOrigin("*");// #允许向该服务器提交请求的URI,*表示全部允许,在SpringMVC中,如果设成*,会自动转成当前请求头中的Origin
config.addAllowedHeader("*");// #允许访问的头信息,*表示全部
config.addAllowedMethod("*");// 允许提交请求的方法类型,*表示全部允许
config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了 org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource source =
new org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/**", config); return new CorsWebFilter(source);
}
}
DedupeResponseHeaderGatewayFilterFactory.java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors; import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.web.server.ServerWebExchange; import lombok.extern.slf4j.Slf4j;
import reactor.core.publisher.Mono; /*
Use case: Both your legacy backend and your API gateway add CORS header values. So, your consumer ends up with
Access-Control-Allow-Credentials: true, true
Access-Control-Allow-Origin: https://musk.mars, https://musk.mars
(The one from the gateway will be the first of the two.) To fix, add
DedupeResponseHeader=Access-Control-Allow-Credentials Access-Control-Allow-Origin Configuration parameters:
- name
String representing response header names, space separated. Required.
- strategy
RETAIN_FIRST - Default. Retain the first value only.
RETAIN_LAST - Retain the last value only.
RETAIN_UNIQUE - Retain all unique values in the order of their first encounter. Example 1
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials Response header Access-Control-Allow-Credentials: true, false
Modified response header Access-Control-Allow-Credentials: true Example 2
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials, RETAIN_LAST Response header Access-Control-Allow-Credentials: true, false
Modified response header Access-Control-Allow-Credentials: false Example 3
default-filters:
- DedupeResponseHeader=Access-Control-Allow-Credentials, RETAIN_UNIQUE Response header Access-Control-Allow-Credentials: true, true
Modified response header Access-Control-Allow-Credentials: true
*/ /**
* @author Vitaliy Pavlyuk
*/
@Slf4j
public class DedupeResponseHeaderGatewayFilterFactory extends
AbstractGatewayFilterFactory<DedupeResponseHeaderGatewayFilterFactory.Config> { private static final String STRATEGY_KEY = "strategy"; public DedupeResponseHeaderGatewayFilterFactory() {
super(Config.class);
} @Override
public List<String> shortcutFieldOrder() {
return Arrays.asList(NAME_KEY, STRATEGY_KEY);
} @Override
public GatewayFilter apply(Config config) {
return new GatewayFilter() {
@Override
public Mono<Void> filter(ServerWebExchange exchange,
GatewayFilterChain chain) {
return chain.filter(exchange).then(Mono.fromRunnable(
() -> dedupe(exchange.getResponse().getHeaders(), config)));
}
};
} public enum Strategy { /**
* Default: Retain the first value only.
*/
RETAIN_FIRST, /**
* Retain the last value only.
*/
RETAIN_LAST, /**
* Retain all unique values in the order of their first encounter.
*/
RETAIN_UNIQUE } void dedupe(HttpHeaders headers, Config config) {
String names = config.getName();
Strategy strategy = config.getStrategy();
if (headers == null || names == null || strategy == null) {
return;
}
for (String name : names.split(" ")) {
dedupe(headers, name.trim(), strategy);
}
} private void dedupe(HttpHeaders headers, String name, Strategy strategy) {
List<String> values = headers.get(name);
log.info("{}={}",name,values);
if (values == null || values.size() <= 1) {
return;
}
switch (strategy) {
case RETAIN_FIRST:
headers.set(name, values.get(0));
break;
case RETAIN_LAST:
headers.set(name, values.get(values.size() - 1));
break;
case RETAIN_UNIQUE:
headers.put(name, values.stream().distinct().collect(Collectors.toList()));
break;
default:
break;
}
} public static class Config extends AbstractGatewayFilterFactory.NameConfig { private Strategy strategy = Strategy.RETAIN_FIRST; public Strategy getStrategy() {
return strategy;
} public Config setStrategy(Strategy strategy) {
this.strategy = strategy;
return this;
} } }
最新文章
- Linux cp (复制)命令简介
- JS toFixed 四舍六入五成双
- 使用微软CORS包不能跨域访问的问题
- VS2010程序打包
- HackRF实现GPS欺骗教程
- HTML WEB 和HTML Agility Pack结合
- bzoj 3669: [Noi2014]魔法森林 动态树
- Django内置template标签
- 如何使用 yum 安装/更新/移除 软件
- 【.NET】字符串处理
- Docker网络代理设置
- 【ztree】ztree例子
- ORACLE复制表结构
- SparkStreaming流处理
- Linux基础笔记——RAID
- Java - ";JUC"; ReentrantLock获取锁
- python之线程queue
- MacBook Apache服务
- mysql安装版卸载,解压版安装
- ";类工厂模式";改写SqlHelper