Implementation method of cross domain request of CORS in Java

problem

When developing projects using the front-end and back-end separation mode, we often encounter such a problem - we can't get the server-side data across domains

This is caused by the browser's homology policy for security. Today, when the front-end and back-end separation development mode is favored, front-end and back-end projects often develop in different environments. At this time, there will be the demand for cross domain data requests. The current solutions mainly include the following:

Jsonp, iframe, proxy mode, CORS, etc. the previous methods are not discussed here. There are many materials on the Internet. Here, I mainly share the solution of CORS, namely "cross domain resource sharing", which allows browsers to send XMLHttpRequest requests to cross source servers, thus overcoming the limitation that Ajax can only be used in the same source.

The cross domain process of CORS is the same as the normal Ajax process, but the browser will automatically help us deal with some things when it finds that this is a cross domain request. Therefore, as long as the server provides support, the front end does not need to do additional things.

realization

The general idea of the implementation is as follows: first, use the filter to obtain the information of the request object request, For example, the origin field (indicating which source the request comes from, including protocol, domain name and port) determines whether the request is legal through pre configured parameters, and then sets the header information of the response object response to realize the cross domain resource request. Before introducing the implementation method, let's learn about the response header information that will be used.

Response header

Access control allow methods is used to list the HTTP methods allowed by the browser's CORS request, such as get, post, put, delete and options

Access control allow credentials indicates whether cross domain cookies are supported

Access control allow headers is a comma separated string that represents all header information fields supported by the server, such as content type and custom fields

In contrast to "access control allow headers", access control expose headers indicates unsupported header information fields

Access control allow origin allows cross domain request source information, including protocol, domain name and port. A * indicates that all request sources are allowed, and only one request source can be set

The following describes how the Java background implements this method.

code

Since spring boot has been used recently, it will be implemented based on spring boot.

First, create a corsfilter filter. The code is as follows:

With the completion of the project, the front end can now obtain the data of the background across domains, which is much easier than other methods. The code is not explained and easy to understand. The same is true for other background development methods. The ultimate purpose is to judge the request and set the response header. The front end doesn't have to do anything.

The above is the whole content of this article. I hope it will be helpful to your study, and I hope you can support programming tips.