|
|
@@ -11,23 +11,26 @@ import javax.servlet.http.HttpServletResponse;
|
|
|
* 而是应该指定具体的 allowedOrigin。
|
|
|
*/
|
|
|
public class AllCorsHandler extends Handler {
|
|
|
+
|
|
|
@Override
|
|
|
public void handle(String target, HttpServletRequest request, HttpServletResponse response, boolean[] isHandled) {
|
|
|
- // 设置所有响应头字段,允许所有来源的跨域
|
|
|
- response.setHeader("Access-Control-Allow-Origin", "*"); // 允许所有来源
|
|
|
- response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS"); // 允许所有常用方法
|
|
|
- response.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,dl-token,dl_token"); // 允许所有常用头
|
|
|
- response.setHeader("Access-Control-Max-Age", "3600"); // 预检请求缓存时间为 1 小时
|
|
|
- response.setHeader("Access-Control-Allow-Credentials", "true"); // 允许发送 Cookie 等凭证(如果前端有发送,这里也要允许)
|
|
|
+ // *** 关键修改:将 '*' 替换为具体的调用方域名 ***
|
|
|
+ String ALLOWED_ORIGIN = "http://117.72.208.239";
|
|
|
+ response.setHeader("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
|
|
|
+
|
|
|
+ response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
|
|
|
+ // 确保继续包含你自定义的 headers,如 dl_token
|
|
|
+ response.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,dl_token,dl-token");
|
|
|
+ response.setHeader("Access-Control-Max-Age", "3600");
|
|
|
+ response.setHeader("Access-Control-Allow-Credentials", "true"); // 这一行现在可以正常使用了
|
|
|
|
|
|
// 处理 OPTIONS 预检请求
|
|
|
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
|
|
|
- response.setStatus(HttpServletResponse.SC_OK); // 浏览器收到 200 OK 就会继续发送实际请求
|
|
|
- isHandled[0] = true; // 拦截请求,不再往下执行 Controller,直接返回
|
|
|
- return; // 结束方法执行
|
|
|
+ response.setStatus(HttpServletResponse.SC_OK);
|
|
|
+ isHandled[0] = true;
|
|
|
+ return;
|
|
|
}
|
|
|
|
|
|
- // 继续执行后续的 Handler 和 Controller
|
|
|
next.handle(target, request, response, isHandled);
|
|
|
}
|
|
|
}
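Review bot: The origin pinned on the `ALLOWED_ORIGIN` line is a cleartext `http://` address, and it is sent together with `Access-Control-Allow-Credentials: true`, so anyone who can tamper with traffic to that HTTP site can run script in the trusted origin and make credentialed calls to this API. Prefer an HTTPS origin, and move the value out of the method body into configuration or a class constant, e.g. `private static final String ALLOWED_ORIGIN = "https://<caller-host>";` (placeholder value). As written it is a local variable in constant case that needs a code change for every deployment. If more than one caller is ever expected, compare `request.getHeader("Origin")` against an allowlist, echo only an exact match and add `Vary: Origin`, rather than going back to `*`. The headers are also set on every request, whether or not it carries an `Origin`, which is worth a one-line comment if it is intentional.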
|