From 04c73e6efee973b7cfcfb5b3587bc6decd702757 Mon Sep 17 00:00:00 2001
From: whycxzp <glperry@163.com>
Date: 星期四, 16 十一月 2023 10:05:08 +0800
Subject: [PATCH] 跨域设置

---
 src/main/java/com/whyc/filter/CrossDomainFilter.java |   27 +++++++++++++++++++++------
 1 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/whyc/filter/CrossDomainFilter.java b/src/main/java/com/whyc/filter/CrossDomainFilter.java
index 8f218eb..f4a4a4d 100644
--- a/src/main/java/com/whyc/filter/CrossDomainFilter.java
+++ b/src/main/java/com/whyc/filter/CrossDomainFilter.java
@@ -1,11 +1,17 @@
 package com.whyc.filter;
 
+import com.whyc.constant.YamlProperties;
+import org.apache.commons.lang3.StringUtils;
+
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  * @Description :
@@ -25,12 +31,21 @@
         HttpServletResponse resp= (HttpServletResponse) response;
         HttpServletRequest req= (HttpServletRequest) request;
         String origin = req.getHeader("Origin");
-        // String origin = "http://localhost:8080";
-        resp.setHeader("Access-Control-Allow-Origin", origin);
-        resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token");
-        resp.setHeader("Access-Control-Expose-Headers", "content-disposition");
-        resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
-        resp.setHeader("Access-Control-Allow-Credentials", "true");
+        if(StringUtils.isNotBlank(origin)) { //娌℃湁origin鏉ユ簮,涓嶅厑璁歌法鍩熻缃�
+            String allowedCORSDomainList = YamlProperties.allowedCORSDomainList;
+            List<String> allowedList = new LinkedList<>();
+            if (!allowedCORSDomainList.equals("")) { //瀛樺湪璺ㄥ煙鐧藉悕鍗�,鍒ゆ柇,璁剧疆
+                String[] allowedCORSDomain = allowedCORSDomainList.split(",");
+                allowedList = Arrays.asList(allowedCORSDomain);
+                if (allowedList.contains(origin)) {
+                    resp.setHeader("Access-Control-Allow-Origin", origin);
+                    resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token");
+                    //resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
+                    resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, PATCH");
+                    resp.setHeader("Access-Control-Allow-Credentials", "true");
+                }
+            }
+        }
 
         //澶勭悊鍝嶅簲澶寸己澶�,淇℃伅婕忔礊
         resp.addHeader("X-Frame-Options","SAMEORIGIN");
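Review bot: The allowlist check in the added block is fragile: `allowedCORSDomainList.equals("")` would throw a NullPointerException if the property is unset (YamlProperties is not shown, so this is inferred), and `split(",")` keeps surrounding whitespace, so a list written as `a, b` silently never matches the second origin. Guard with the helper that is already imported, `if (StringUtils.isNotBlank(allowedCORSDomainList))`, and trim each entry before the `contains` comparison; the `new LinkedList<>()` is overwritten immediately and can go, along with its import. Since the response now differs per request origin and still sends `Access-Control-Allow-Credentials: true`, add `resp.addHeader("Vary", "Origin");` so a shared cache cannot hand one origin's CORS headers to another. The change also drops `Access-Control-Expose-Headers: content-disposition`, which looks unintentional; confirm that cross-origin downloads do not need to read that header. The enclosing filter method starts and ends outside this hunk.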

--
Gitblit v1.9.1