From 7455187f93d3140ffe4d2e154f462c00f54943fa Mon Sep 17 00:00:00 2001 From: Mlxa0324 Date: Fri, 6 Jan 2023 17:32:22 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B7=A8=E5=9F=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- web/src/main/java/cn/jlw/filter/CorsFilter.java | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/web/src/main/java/cn/jlw/filter/CorsFilter.java b/web/src/main/java/cn/jlw/filter/CorsFilter.java index 9ad365a4..817ce2e2 100644 --- a/web/src/main/java/cn/jlw/filter/CorsFilter.java +++ b/web/src/main/java/cn/jlw/filter/CorsFilter.java @@ -13,17 +13,24 @@ import java.io.IOException; import java.util.Arrays; import java.util.List; +import static cn.jlw.filter.CorsFilter.ALLOW_ORIGIN; + //cors跨域处理 //TODO 方便调试,allowOrigin暂时适用*,之后改为前端地址 @WebFilter(filterName = "corsFilter", urlPatterns = "/*", - initParams = {@WebInitParam(name = "allowOrigin", value = "*"), + initParams = {@WebInitParam(name = "allowOrigin", value = ALLOW_ORIGIN), @WebInitParam(name = "allowMethods", value = "GET,POST,PUT,DELETE,OPTIONS"), @WebInitParam(name = "allowCredentials", value = "true"), @WebInitParam(name = "allowHeaders", value = "Content-Type,X-Token,token,isWx,_sign,_role_tag"), }) public class CorsFilter implements Filter { + /** + * 请求头中取Origin, 占位 + */ + static final String ALLOW_ORIGIN = "ORIGIN_HEADER_PLACEHOLDER"; + private final Log log = LogFactory.getLog(this.getClass()); private String allowOrigin; @@ -49,6 +56,9 @@ public class CorsFilter implements Filter { if (StringUtils.isNotBlank(allowOrigin)) { if(allowOrigin.equals("*")){ response.setHeader("Access-Control-Allow-Origin", allowOrigin); + } + else if(allowOrigin.equals(ALLOW_ORIGIN)) { + response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin")); }else{ List allowOriginList = Arrays.asList(allowOrigin.split(",")); if (allowOriginList != null && allowOriginList.size() > 0) {