如果cors策略java spring被阻止，如何访问后端

您需要向控制器方法添加一个@CrossOrigin注释。请参阅上的详细描述https://spring.io/guides/gs/rest-service-cors/在标题"；启用CORS"；。

您需要允许您想要访问的客户端域调用您的API。为此，您可以简单地创建CORSFilter。以下是最低限度的CORSFilter实现：

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
/*
* (non-Javadoc)
* 
* @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
*/
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
/*
* (non-Javadoc)
* 
* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
* javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
httpServletResponse.addHeader("Access-Control-Allow-Origin", "*"); // IMPORTANT: Allowed all the domains
httpServletResponse.addHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST, DELETE, PUT, PATCH, HEAD");
httpServletResponse.addHeader("Access-Control-Allow-Headers",
"Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Origin, Authorization");
httpServletResponse.addHeader("Access-Control-Expose-Headers",
"Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Content-Disposition");
httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.addIntHeader("Access-Control-Max-Age", 3600);
if ("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) {
httpServletResponse.setStatus(HttpServletResponse.SC_OK);
} else {
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
/*
* (non-Javadoc)
* 
* @see javax.servlet.Filter#destroy()
*/
@Override
public void destroy() {
}
}

特别关注上面代码中的Access-Control-Allow-Origin头。