Cross-domain requests, custom queries and paging in Spring Boot (5)

Cross domain

We have built a first version of a protected REST API, but we have not yet covered an issue that matters a great deal on the front end: cross-origin HTTP requests. Let's review some background first:

Cross domain request

Definition: when our own site requests resources provided by a service on a different domain name or port, it initiates a cross-domain request.

For example, many of our CSS style files are linked from a public CDN server rather than from our own server, which is a typical cross-domain request. For security reasons, however, the browser restricts cross-domain HTTP requests initiated from scripts. That is, XMLHttpRequest and fetch follow the same-origin policy: they can only access resources on the specified port of their own server (different ports on the same server also count as cross-domain). This restriction does not meet developers' needs when our applications have to access a variety of external APIs or resources, so several cross-domain solutions exist. JSONP is one of them, but today the mainstream and more thorough solution is CORS (Cross-Origin Resource Sharing).

Cross domain resource sharing (CORS)

This mechanism hands control of cross-domain access to the server, which makes secure cross-domain data transfer possible. Modern browsers generally build CORS support into their HTTP APIs (such as XMLHttpRequest and fetch), which effectively controls the risk of cross-domain requests, because scripts cannot get around it: they have to use these APIs.

To sum up, the mechanism adds a series of HTTP headers so that the server can describe which origins are allowed to access its resources through a browser. Simple requests and complex requests are handled differently.

A simple request allows only three HTTP methods: GET, POST and HEAD. In addition, it supports only a few headers: Accept, Accept-Language, Content-Language, Content-Type (whose value can only be application/x-www-form-urlencoded, multipart/form-data or text/plain), DPR, Downlink, Save-Data, Viewport-Width and Width.

For a simple request, take a simple GET request sent from http://me.domain for the resource http://another.domain/data/blablabla.

The response returned by the CORS-enabled server on the other side carries an Access-Control-Allow-Origin header. The * in Access-Control-Allow-Origin: * means that any website can access the resource. To restrict access so that only me.domain can read it, change the header to Access-Control-Allow-Origin: http://me.domain
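The rules described above, modelled as an added example (not code from the original tutorial or its repository): one function classifies a request as simple using the method and header lists given here, one builds the server's Access-Control-Allow-Origin answer from an allowlist instead of *, and one mirrors the browser's check. All function names and the allowlist are assumptions made for illustration.

```javascript
// Added illustration: function names and sample origins are assumptions.

// Methods and headers the article lists for a "simple" request.
const SIMPLE_METHODS = new Set(["GET", "POST", "HEAD"]);
const SIMPLE_HEADERS = new Set([
  "accept", "accept-language", "content-language", "content-type",
  "dpr", "downlink", "save-data", "viewport-width", "width",
]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// True when the request qualifies as simple, i.e. is sent without a preflight.
function isSimpleRequest(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return false;
  return Object.entries(headers).every(([name, value]) => {
    const key = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(key)) return false;
    if (key !== "content-type") return true;
    // Ignore parameters such as "; charset=utf-8" when comparing the type.
    const type = String(value).split(";")[0].trim().toLowerCase();
    return SIMPLE_CONTENT_TYPES.has(type);
  });
}

// Server side: echo the caller's origin only when it is on the allowlist.
// With no header in the response, the browser keeps the body from the script.
function corsResponseHeaders(requestOrigin, allowedOrigins) {
  if (!requestOrigin || !allowedOrigins.includes(requestOrigin)) return {};
  // Vary: Origin stops caches from serving one origin's answer to another.
  return { "Access-Control-Allow-Origin": requestOrigin, "Vary": "Origin" };
}

// Browser side (non-credentialed request): may a script on pageOrigin read it?
function browserAllowsRead(pageOrigin, responseHeaders) {
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  return allow === "*" || allow === pageOrigin;
}
```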

Now we can send a GET request such as http://localhost:8090/projects/?page=0&size=3, which means taking three records per page and fetching the first page.

Code of this chapter: https://github.com/wpcfan/spring-boot-tut/tree/chap05
