当前位置:网站首页>Cross domain and CORS

Cross domain and CORS

2022-07-19 14:58:00 Leisurely summer

1、 Cross domain

Cross domain , In essence, it is a kind of protection processing of browser . If cross domain , When the server returns the result, it will be intercepted by the browser ( Be careful : At this time, the request can be initiated normally , It's just that the browser intercepted it ), The content that caused the response is not available . Generate cross domain

There are several cases :

Current page URL The requested page URL Cross domain or not reason
http://www.lagou.com/http://www.lagou.com/index.html no Homology ( agreement , domain name , Same port number )
http://www.lagou.com/https://www.lagou.com/index.html Cross domain Different agreements (http/https)
http://www.lagou.com/http://www.baidu.com/ Cross domain The main domain name is different (lagou/baidu)
http://www.lagou.com/http://kaiwu.lagou.com/ Cross domain Different subdomains (www/kaiwu)
http://www.lagou.com:8080http://www.lagou.com:8090 Cross domain Port number is different (8080/8090)

2、 To solve the cross domain

2.1、JSONP

The browser allows some with src The label of the property is cross domain , That is, on some labels src Write on attribute url The address will not cause cross domain problems

2.2、CORS To solve the cross domain

CORS It's a W3C standard , The full name is " Cross-domain resource sharing "(Cross-origin resource sharing).CORS Requires both browser and server support . at present , All browsers support this feature ,IE The browser cannot be lower than IE10. Before the browser makes a real request , Will launch a OPTIONS Type of pre inspection request , Used to request whether the server allows cross domain , Only with permission will the request be initiated

3、 be based on Spring Security Of CORS Support

3.1、 Declare cross domain configuration source 

/**
     *  Cross domain information configuration source 
     */
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        //  Allow cross domain sites 
        corsConfiguration.addAllowedOrigin("*");
        //  Allow cross domain http Method 
        corsConfiguration.addAllowedMethod("*");
        //  Allow cross domain request headers 
        corsConfiguration.addAllowedHeader("*");
        //  It is allowed to carry vouchers 
        corsConfiguration.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        //  For all url All in force 
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }

3.2、 Turn on cross domain support 

// Allow cross-domain 
http.cors().configurationSource(corsConfigurationSource());

3.3、 Front end cross domain test code 

function toCors() {
        $.ajax({
            //   By default , Standard cross domain requests are not sent cookie Of 
            xhrFields: {
                withCredentials: true
            },
            url: "http://localhost:8090/user/1",   //  according to ID Query the user 
            success: function (data) {
                alert(" The request is successful ." + data)
            }
        });

原网站

版权声明
本文为[Leisurely summer]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/200/202207172204049259.html

边栏推荐

猜你喜欢

随机推荐