| | |
|---|
| | | allowedList = Arrays.asList(allowedCORSDomain); |
|---|
| | | if (allowedList.contains(origin)) { |
|---|
| | | resp.setHeader("Access-Control-Allow-Origin", origin); |
|---|
| | | resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token,content-disposition"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token"); |
|---|
| | | //resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); |
|---|
| | | //resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, PATCH"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Methods", "GET, POST"); |
|---|
| | |
|---|
| | | resp.setHeader("X-XSS-Protection","1; mode=block"); |
|---|
| | | resp.setHeader("X-Download-Options","noopen"); |
|---|
| | | resp.setHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload"); |
|---|
| | | |
|---|
| | | resp.setHeader("Access-Control-Expose-Headers", "Content-Disposition"); |
|---|
| | | //单页面应用,只允许一个页面index.html |
|---|
| | | String servletPath = req.getServletPath(); |
|---|
| | | if(servletPath.contains(".html")){ |
|---|
