CORS request principle

CORS Principle of request

CORS It's a W3C standard , The full name is " Cross-domain resource sharing "（Cross-origin resource sharing）. It allows the browser to cross to the source server , issue XMLHttpRequest request , To overcome AJAX A restriction that can only be used with the same origin .

Basically all current browsers have implemented CORS standard , In fact, almost all browsers at present ajax Requests are based on CORS The mechanism , It's just that front-end developers may not care about it at ordinary times ( So now CORS The solution is mainly to consider how the background should be implemented ).

JAVA The background configuration
JAVA The background configuration only needs to follow the following steps :

First step : Get dependency jar package
download cors-filter-1.7.jar, java-property-utils-1.9.jar These two library files are put into lib Under the table of contents .( Put it in the corresponding item webcontent/WEB-INF/lib/ Next )

The second step : If the project uses Maven Built , Please add the following dependencies to pom.xml in :( Not maven Please ignore )

<dependency>
    <groupId>com.thetransactioncompany</groupId>
    <artifactId>cors-filter</artifactId>
    <version>[ version ]</version>
</dependency>

The version should be the latest stable version ,CORS filter

The third step : add to CORS Configuration to project Web.xml in ( App/WEB-INF/web.xml)

<!--  Cross domain configuration -->    
<filter>
        <!-- The CORS filter with parameters -->
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        
        <!-- Note: All parameters are options, if omitted the CORS Filter will fall back to the respective default values. -->
        <init-param>
            <param-name>cors.allowGenericHttpRequests</param-name>
            <param-value>true</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.allowSubdomains</param-name>
            <param-value>false</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, HEAD, POST, OPTIONS</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.supportedHeaders</param-name>
            <param-value>Accept, Origin, X-Requested-With, Content-Type, Last-Modified</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.exposedHeaders</param-name>
            <!-- Here you can add some of your own exposure Headers -->
            <param-value>X-Test-1, X-Test-2</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.supportsCredentials</param-name>
            <param-value>true</param-value>
        </init-param>
        
        <init-param>
            <param-name>cors.maxAge</param-name>
            <param-value>3600</param-value>
        </init-param>

    </filter>

    <filter-mapping>
        <!-- CORS Filter mapping -->
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Please note that , Please put the above configuration files in web.xml In front of , As the first filter There is ( There can be multiple filter Of )