我们有一些受保护的资源,我们需要启用。这些资源可以通过GET和发布来获取/创建。
要处理CORS,我们已经在服务器端将处理前选项请求进行处理。我们有一个特殊的标题将从客户端发送,可以根据https://developer.mozilla.org/en-us/docs/web/http/cors/cors
,使其成为预覆盖的请求。在使用原始标头接收选项请求时,我们允许使用" access-control-allow-oferigin"来启用访问权限,并制作访问权限控制," true"。
我的问题是我需要做的其他事情,或者可以在浏览器未发送预覆盖的选项请求的情况下?
最好的问候
索拉夫
来源:https://howtodoinjava.com/servlets/java-cors-filter-example/
public class CORSFilter implements Filter {
public CORSFilter() {
}
public void destroy() {
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
System.out.println("CORSFilter HTTP Request: " + request.getMethod());
// Authorize (allow) all domains to consume the content
((HttpServletResponse) servletResponse).addHeader("Access-Control-Allow-Origin", "*");
((HttpServletResponse) servletResponse).addHeader("Access-Control-Allow-Methods","GET, OPTIONS, HEAD, PUT, POST");
HttpServletResponse resp = (HttpServletResponse) servletResponse;
// For HTTP OPTIONS verb/method reply with ACCEPTED status code -- per CORS handshake
if (request.getMethod().equals("OPTIONS")) {
resp.setStatus(HttpServletResponse.SC_ACCEPTED);
return;
}
// pass the request along the filter chain
chain.doFilter(request, servletResponse);
}
public void init(FilterConfig fConfig) throws ServletException {
}
}