| | |
|---|
| | | HttpServletResponse resp= (HttpServletResponse) response; |
|---|
| | | HttpServletRequest req= (HttpServletRequest) request; |
|---|
| | | String origin = req.getHeader("Origin"); |
|---|
| | | if(StringUtils.isNotBlank(origin)) { //没有origin来源,不允许跨域设置 |
|---|
| | | /*if(StringUtils.isNotBlank(origin)) { //没有origin来源,不允许跨域设置 |
|---|
| | | String allowedCORSDomainList = YamlProperties.allowedCORSDomainList; |
|---|
| | | List<String> allowedList = new LinkedList<>(); |
|---|
| | | if (!allowedCORSDomainList.equals("")) { //存在跨域白名单,判断,设置 |
|---|
| | |
|---|
| | | resp.setHeader("Access-Control-Allow-Credentials", "true"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | /* resp.setHeader("Access-Control-Allow-Origin", "*"); |
|---|
| | | }*/ |
|---|
| | | resp.setHeader("Access-Control-Allow-Origin", origin); |
|---|
| | | resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Methods", "GET, POST"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Credentials", "true");*/ |
|---|
| | | resp.setHeader("Access-Control-Allow-Credentials", "true"); |
|---|
| | | //只准使用GET,POST |
|---|
| | | /* String method = req.getMethod().toUpperCase(); |
|---|
| | | String profileType = YamlProperties.profileType; |
|---|
