src/main/java/com/whyc/constant/YamlProperties.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
src/main/java/com/whyc/filter/CrossDomainFilter.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
src/main/resources/config/application-dev.yml | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
src/main/resources/config/application-prod.yml | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 |
src/main/java/com/whyc/constant/YamlProperties.java
@@ -49,7 +49,13 @@ public static String ftpUserName; public static String ftpPassword; /**跨域白名单*/ public static String allowedCORSDomainList; @Value("${custom.cors}") public void setAllowedCORSDomainList(String allowedCORSDomainList) { YamlProperties.allowedCORSDomainList = allowedCORSDomainList; } @Value("${spring.profiles.active}") public void setProfileType(String profileType) { YamlProperties.profileType = profileType; src/main/java/com/whyc/filter/CrossDomainFilter.java
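Review bot: In YamlProperties.java the new `@Value("${custom.cors}")` setter has no default, so any profile that lacks the key will fail placeholder resolution at startup, and the `/**跨域白名单*/` comment does not say what format the value takes. Consider `@Value("${custom.cors:}")`, since the filter's empty-string check already treats an empty list as "send no CORS headers". The field comment could become `/** CORS allow-list: comma-separated exact origins (scheme://host:port), no spaces or trailing slash */`. The class body continues outside the hunk, so whether other profiles define the key is not visible here.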
@@ -1,11 +1,17 @@ package com.whyc.filter; import com.whyc.constant.YamlProperties; import org.apache.commons.lang3.StringUtils; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Arrays; import java.util.LinkedList; import java.util.List; /** * @Description : @@ -25,12 +31,21 @@ HttpServletResponse resp= (HttpServletResponse) response; HttpServletRequest req= (HttpServletRequest) request; String origin = req.getHeader("Origin"); // String origin = "http://localhost:8080"; resp.setHeader("Access-Control-Allow-Origin", origin); resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token"); resp.setHeader("Access-Control-Expose-Headers", "content-disposition"); resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); resp.setHeader("Access-Control-Allow-Credentials", "true"); if(StringUtils.isNotBlank(origin)) { //没有origin来源,不允许跨域设置 String allowedCORSDomainList = YamlProperties.allowedCORSDomainList; List<String> allowedList = new LinkedList<>(); if (!allowedCORSDomainList.equals("")) { //存在跨域白名单,判断,设置 String[] allowedCORSDomain = allowedCORSDomainList.split(","); allowedList = Arrays.asList(allowedCORSDomain); if (allowedList.contains(origin)) { resp.setHeader("Access-Control-Allow-Origin", origin); resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token"); //resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, PATCH"); resp.setHeader("Access-Control-Allow-Credentials", "true"); } } } //处理响应头缺失,信息漏洞 resp.addHeader("X-Frame-Options","SAMEORIGIN"); src/main/resources/config/application-dev.yml
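Review bot: In the second hunk of CrossDomainFilter.java the allow-list is matched against untrimmed `split(",")` entries and no `Vary: Origin` header is set, although `Access-Control-Allow-Origin` now differs per request. A configured value such as `a, b` would never match its second entry, and a cache in front of the service could replay one origin's CORS headers to another. The list is also re-split on every request and the `new LinkedList<>()` is discarded immediately; parsing once at startup would be cleaner if the configuration class can hold a set. The enclosing filter method starts and ends outside the hunk, so the sketch below covers only the allow-list branch.

```java
String origin = req.getHeader("Origin");
// The CORS headers depend on the request's Origin, so caches must key on it.
resp.addHeader("Vary", "Origin");
String allowedCORSDomainList = YamlProperties.allowedCORSDomainList;
// isNotBlank also covers a null list, which .equals("") would not.
if (StringUtils.isNotBlank(origin) && StringUtils.isNotBlank(allowedCORSDomainList)) {
    // Exact match only; trim so a space after a comma in the YAML still matches.
    boolean allowed = Arrays.stream(allowedCORSDomainList.split(","))
            .map(String::trim)
            .anyMatch(origin::equals);
    if (allowed) {
        // … unchanged: the four Access-Control-* setHeader calls …
    }
}
```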
@@ -17,7 +17,7 @@ datasource: type: com.alibaba.druid.pool.DruidDataSource driver-class-name: com.mysql.cj.jdbc.Driver url: jdbc:mysql://192.168.10.82:3371/db_user?characterEncoding=utf8&serverTimezone=Asia/Shanghai&allowMultiQueries=true&rewriteBatchedStatements=true url: jdbc:mysql://192.168.10.82:3381/db_user?characterEncoding=utf8&serverTimezone=Asia/Shanghai&allowMultiQueries=true&rewriteBatchedStatements=true username: root password: whyc3217 maxIdel: 60 @@ -92,6 +92,8 @@ #告警工单 alarm: task.switch: off #允许跨域的白名单 http://192.168.10.132:8080,http://192.168.10.109:8080 cors: http://localhost:8080 #Config文件读取 涉及License和FGCDFileDownload configFile: src/main/resources/config/application-prod.yml
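Review bot: The rewritten `url:` line in application-dev.yml still carries `allowMultiQueries=true`, and the datasource block around it connects as `root` with the password committed in plain text. Stacked statements plus a root account make any SQL injection in the application considerably more damaging, so it is worth checking whether the flag is needed and switching to a least-privilege account. The password would be better supplied from the environment, e.g. `password: ${DB_PASSWORD}` (placeholder name), and rotated since it is already in history. These settings predate this commit as far as the page shows; only the port changes here.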
@@ -92,7 +92,8 @@ #告警工单 alarm: task.switch: off #允许跨域的白名单 http://192.168.10.132:8080,http://192.168.10.109:8080 cors: http://localhost:8080 #Config文件读取 涉及License和FGCDFileDownload configFile: type: 2 #1:本地测试;2:打包jar
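Review bot: application-prod.yml sets `cors: http://localhost:8080`, the same value as the dev profile, so in production the only origin allowed to send credentialed cross-origin requests is a localhost page. If that is a placeholder, the deployed front-end origin(s) should be listed instead, preferably over https, e.g. `cors: https://<front-end-host>`. If no cross-origin access is needed in production, an empty value makes the filter emit no CORS headers. The key's parent is outside the hunk, so confirm it sits under `custom:` to match `${custom.cors}`.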