/**
 * Registers a fully customized mapping for "/foo" and checks that each setting is stored
 * on the resulting {@code CorsConfiguration} exactly as it was supplied.
 */
@Test
public void customizedMapping() {
    final String path = "/foo";

    // One builder call per line so every configured value is easy to match with its assertion.
    // The same origin is passed twice on purpose; the assertion below expects both entries back.
    this.registry.addMapping(path)
        .allowedOrigins("http://domain2.com", "http://domain2.com")
        .allowedMethods("DELETE")
        .allowCredentials(false)
        .allowedHeaders("header1", "header2")
        .exposedHeaders("header3", "header4")
        .maxAge(3600);

    Map<String, CorsConfiguration> registered = this.registry.getCorsConfigurations();
    // Only the mapping added above may be present.
    assertEquals(1, registered.size());

    CorsConfiguration fooConfig = registered.get(path);
    assertEquals(
        Arrays.asList("http://domain2.com", "http://domain2.com"),
        fooConfig.getAllowedOrigins());
    assertEquals(Arrays.asList("DELETE"), fooConfig.getAllowedMethods());
    assertEquals(Arrays.asList("header1", "header2"), fooConfig.getAllowedHeaders());
    assertEquals(Arrays.asList("header3", "header4"), fooConfig.getExposedHeaders());
    // Credentials were switched off explicitly, so the stored flag must be false.
    assertEquals(false, fooConfig.getAllowCredentials());
    assertEquals(Long.valueOf(3600), fooConfig.getMaxAge());
}
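/**
 * Registers the CORS policy applied to every request path.
 *
 * <p>Credentialed cross-origin requests are enabled here, so the allowed origins are listed
 * explicitly instead of using the "*" wildcard. Browsers refuse a wildcard
 * Access-Control-Allow-Origin header on credentialed requests. Spring Framework versions
 * before 5.3 handled "*" together with credentials by echoing the caller's Origin header,
 * which lets any website read authenticated responses; 5.3 and later reject the combination
 * with an IllegalArgumentException.
 *
 * @param registry the registry that collects the CORS mappings
 */
@Override
public void addCorsMappings(CorsRegistry registry) {
    // Constructed placeholder, not a value from this project: replace it with the real
    // front-end origins, preferably loaded from configuration.
    String[] trustedOrigins = {"https://app.example.com"};

    registry
        // Apply the policy to every path.
        .addMapping("/**")
        // Origins that may call across domains. Kept explicit because credentials are enabled.
        .allowedOrigins(trustedOrigins)
        // Let the client send cookies and other credentials; must be on when login is involved.
        .allowCredentials(true)
        // "*" accepts every request method (GET, POST, ...).
        .allowedMethods("*")
        // "*" accepts every request header.
        .allowedHeaders("*")
        // Response headers that scripts may read. This concerns the non-simple headers, and "*"
        // has no effect here, so the header is named explicitly.
        .exposedHeaders(HttpHeaders.AUTHORIZATION);
}
};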
.allowedMethods("*") .allowedHeaders("*") .exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Methods", "Access-Control-Allow-Headers",
/**
 * Configures CORS for every path: a fixed set of request headers and methods is accepted,
 * the {@code x-auth-token} response header is exposed, and the allowed origins depend on
 * whether the application runs in dev mode.
 *
 * @param registry the registry that collects the CORS mappings
 */
@Override
public void addCorsMappings(CorsRegistry registry) {
    CorsRegistration mapping = registry.addMapping("/**")
        .allowedHeaders("X-requested-with", "x-auth-token", "Content-Type")
        .allowedMethods("POST", "GET", "OPTIONS", "DELETE")
        .exposedHeaders("x-auth-token");

    // Dev mode accepts any origin; otherwise only the configured front-end and server URLs.
    // NOTE(review): confirm dev mode cannot be enabled in a deployed environment. With "*",
    // scripts from any site can call these endpoints and read the exposed x-auth-token header.
    String[] origins = applicationProperties.isDevMode()
        ? new String[] {"*"}
        : new String[] {properties.getFrontEndUrl(), properties.getServerUrl()};
    mapping.allowedOrigins(origins);
}
}