Java Tomcat CORS 过滤器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24386712/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Tomcat CORS filter
提问by Tobia
I want to enable tomcat CORS filter, i added this to web.xml:
我想启用 tomcat CORS 过滤器,我将其添加到 web.xml:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
But it doesn't work. I tried with a custom filter:
但它不起作用。我尝试使用自定义过滤器:
<filter>
<filter-name>SimpleCORSFilter</filter-name>
<filter-class>com.common.SimpleCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SimpleCORSFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
With this Class:
有了这个类:
public class SimpleCORSFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
chain.doFilter(req, res);
}
}
And this well works, can you tell me why? I don't know if it is important but I'm usign Spring Framework.
这很好用,你能告诉我为什么吗?我不知道这是否重要,但我使用的是 Spring Framework。
采纳答案by Paul Vargas
The filter org.apache.catalina.filters.CorsFilterseek first a header in the request: Origin. If this header does not exist, the filter does not add any header in the response. Perhaps for that reason does not work.
过滤器org.apache.catalina.filters.CorsFilter首先在请求中寻找标头:Origin。如果此标头不存在,则过滤器不会在响应中添加任何标头。也许因为这个原因不起作用。
Additionally, in a POSTrequest, look for the header Content-Type. Something similar happens to other methods. May you want to see the codeof this filter. In another way, there is a flowchart:
此外,在POST请求中,查找 header Content-Type。其他方法也会发生类似的情况。可能你想看看这个过滤器的代码。另一种方式,有一个流程图:
回答by Krizka
I get a similar problem and I found something that worked for me on tomcat doc tomcat-doc-CORSFilterI use filter and init-paramas below:
我遇到了类似的问题,我发现了一些对我有用的tomcat doc tomcat-doc-CORSFilter我使用 filter 和init-param如下:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Hope it helps!
希望能帮助到你!
回答by u7425847
In my case with Ueditor,the X-Requested-Withshould be X_Requested_With.
在我使用 Ueditor 的情况下,X-Requested-With应该是X_Requested_With.
