自动为每个响应添加标题 [英] automatically add header to every response

问题描述

每当我的应用程序中的休息控制器请求允许跨源资源共享时，我想将此标头Access-Control-Allow-Origin"、*"添加到对客户端的每个响应中像这样手动将此标头添加到每个方法中

I want to add this header "Access-Control-Allow-Origin", "*" to every response made to the client whenever a request has made for rest controllers in my application to allow cross origin resource sharing Currently I 'm manually adding this header to each and every method like this

HttpHeaders headers = new HttpHeaders();
headers.add("Access-Control-Allow-Origin", "*");

它的工作，但它非常令人沮丧.我在 spring 文档中找到了 webContentInterceptor，它允许我们修改每个响应的标题

Its working but its very frustrating . I found webContentInterceptor in spring docs which allow us to modify headers on each response

<mvc:interceptors>
<bean id="webContentInterceptor" 
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="Access-Control-Allow-Origin" value="*"/>
</bean>
</mvc:interceptors>

但是当我使用它时，它会抛出错误，即找不到名称为 Access-Control-Allow-Origin 的属性，所以有没有其他方法可以自动将标题添加到每个响应中

but when i use this it throws error that property not found of name Access-Control-Allow-Origin so is there any other way we can automatically add header to every response

更新！Spring 框架 4.2 通过向方法或控制器本身添加 @CrossOrigin 注释大大简化了这一点https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

Update ! Spring framework 4.2 greatly simplifies this by adding @CrossOrigin annotation to either a method or a controller itself https://spring.io/blog/2015/06/08/cors-support-in-spring-framework

推荐答案

我最近遇到了这个问题并找到了这个解决方案.您可以使用过滤器添加这些标题:

I recently got into this issue and found this solution. You can use a filter to add these headers :

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

public class CorsFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
            response.addHeader("Access-Control-Allow-Origin", "*");
            if (request.getHeader("Access-Control-Request-Method") != null
                    && "OPTIONS".equals(request.getMethod())) {
                // CORS "pre-flight" request
                response.addHeader("Access-Control-Allow-Methods",
                        "GET, POST, PUT, DELETE");
                response.addHeader("Access-Control-Allow-Headers",
                        "X-Requested-With,Origin,Content-Type, Accept");
            }
            filterChain.doFilter(request, response);
    }

}

不要忘记将过滤器添加到您的 spring 上下文中:

Don't forget add the filter to your spring context:

<bean id="corsFilter" class="my.package.CorsFilter" />

以及web.xml中的映射:

and the mapping in the web.xml:

<filter>
    <filter-name>corsFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>corsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

更进一步，您可以指定一个 Spring 配置文件来启用或禁用此过滤器，如下所示:

To go a little further you can specify a Spring profile to enable or disable this filter with something like that:

<beans profile="!cors">
    <bean id="corsFilter" class="my.package.FilterChainDoFilter" />
</beans>

<beans profile="cors">
    <bean id="corsFilter" class="my.package.CorsFilter" />
</beans>

(提供类似于 CorsFilter 的 FilterChainDoFilter，但它只在 doFilterInternal(..) 中执行 filterChain.doFilter(request, response);)

(providing the FilterChainDoFilter similar to the CorsFilter but which only does filterChain.doFilter(request, response); in the doFilterInternal(..))

这篇关于自动为每个响应添加标题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！