1、在和axios联调鉴权的时候发现,在增加自定义header的时候会出现跨域问题
2、因为是跨域请求,前端会首先发送一个options的嗅探请求,一次真正的请求 所以会出现两个403
3、网关之前设置的是全局filter
刚开始看了
package com.xxx.filter;
import com.alibaba.fastjson.JSONObject;
import com.xxx.common.constant.SeparationStr;
import com.xxx.common.constants.Rediskeyss;
import com.xxx.common.constants.SessionConstant;
import com.xxx.common.rest.model.resp.SimpleResult;
import com.xxx.common.utils.RedisUtil;
import com.xxx.common.utils.TokenUtil;
import org.apache.commons.lang.StringEscapeUtils;
import org.reactivestreams.Publisher;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.http.server.reactive.ServerHttpResponseDecorator;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import java.nio.charset.Charset;
/**
* @ClassName WrapperResponseGlobalFilter
* @Description 全局过滤器,用来修改response和处理数据
* @Date 2019/8/28 9:46
**/
@Component
public class WrapperResponseGlobalFilter implements GlobalFilter, Ordered {
private static final String ALL = "*";
private static final String MAX_AGE = "18000L";
@Override
public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
ServerHttpRequest request = serverWebExchange.getRequest();
// if (!CorsUtils.isCorsRequest(request)) {
// return gatewayFilterChain.filter(serverWebExchange);
// }
ServerHttpResponse response = serverWebExchange.getResponse();
HttpHeaders headers = response.getHeaders();
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "POST, GET, PUT, OPTIONS, DELETE, PATCH");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL);
headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
if (request.getMethod() == HttpMethod.OPTIONS) {
response.setStatusCode(HttpStatus.OK);
return Mono.empty();
}
return gatewayFilterChain.filter(serverWebExchange);
}
@Override
public int getOrder() {
return -2;
}
}
然而并木有什么卵用,各位大兄弟们,为什么都喜欢复制粘贴啊?害人害己啊!
看起来没问题,但在前端请求的时候根本就没有进入到这里,就直接拒绝了。
之后又想了下是否是容器层给拒绝了,由于gateway确实用的人比较少,百度了半天都是互相抄的文章,半天有用的没有,只能采用老的办法了。结果发现根源在Webflux上边,由于gateway使用的是webflux,而不是springmvc,从gateway的filter里边设置cors就行了。
package com.xxx.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.util.pattern.PathPatternParser;
/**
* @ClassName CorsConfig
* @Description gateway跨域配置
* @Date 2019/9/5 14:00
**/
@Configuration
public class CorsConfig {
@Bean
public CorsWebFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedMethod("*");
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
source.registerCorsConfiguration("/**", config);
return new CorsWebFilter(source);
}
}
真心希望大家不要随便 copy ,亲自验证过再发出来分享撒。
我是进阶的球儿,大家一起2019年的爬坑历程。感觉分享很给力的话给个赞,谢谢!!!有问题也可以下方留言沟通。
