解决方式之一:(在过滤器中增加 OPTIONS 请求过滤)
@Configuration
class AuthFilter : Filter {
private val logger: Logger = LoggerFactory.getLogger(AuthFilter::class.java)
override fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) {
val httpRequest = RequestWrapper(request = request as HttpServletRequest)
val httpResponse = response as HttpServletResponse
val url = httpRequest.requestURL
val path = httpRequest.requestURI
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
if ("OPTIONS" == (request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return chain.doFilter(request, httpResponse)
}
// public api do not check authorization
if (RestfulPath.isPublic(path)) {
//can not replace request by httpRequest
return chain.doFilter(request, httpResponse)
}
try {
val token = httpRequest.getHeader(Constant.AUTHORIZATION)
if (token != null && authToken(token, httpResponse, httpRequest)) {
return chain.doFilter(httpRequest, response)
}
response(httpCode = HttpStatus.UNAUTHORIZED.value(), errorInfo = BusinessCode.NO_PERMISSION, httpResponse = httpResponse)
return
} catch (e: Exception) {
e.printStackTrace()
response(httpCode = HttpStatus.UNAUTHORIZED.value(), errorInfo = BusinessCode.SYSTEM_ERROR, httpResponse = httpResponse)
return
}
}
}
关键代码:
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN");
if ("OPTIONS" == (request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return chain.doFilter(request, httpResponse)
}
网友评论