跨域

web/src/main/java/cn/jlw/filter/CorsFilter.java

@@ -13,17 +13,24 @@ import java.io.IOException;
 import java.util.Arrays;
 import java.util.List;
 
+import static cn.jlw.filter.CorsFilter.ALLOW_ORIGIN;
+
 //cors跨域处理
 
 //TODO 方便调试，allowOrigin暂时适用*,之后改为前端地址
 @WebFilter(filterName = "corsFilter", urlPatterns = "/*",
-        initParams = {@WebInitParam(name = "allowOrigin", value = "*"),
+        initParams = {@WebInitParam(name = "allowOrigin", value = ALLOW_ORIGIN),
                 @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"),
                 @WebInitParam(name = "allowCredentials", value = "true"),
                 @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign,_role_tag"),
 })
 public class CorsFilter implements Filter {
 
+    /**
+     * 请求头中取Origin, 占位
+     */
+    static final String ALLOW_ORIGIN = "ORIGIN_HEADER_PLACEHOLDER";
+
     private final Log log = LogFactory.getLog(this.getClass());
 
     private String allowOrigin;
@@ -49,6 +56,9 @@ public class CorsFilter implements Filter {
         if (StringUtils.isNotBlank(allowOrigin)) {
             if(allowOrigin.equals("*")){
                 response.setHeader("Access-Control-Allow-Origin", allowOrigin);
+            }
+            else if(allowOrigin.equals(ALLOW_ORIGIN)) {
+                response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
             }else{
                 List<String> allowOriginList = Arrays.asList(allowOrigin.split(","));
                 if (allowOriginList != null && allowOriginList.size() > 0) {