自动向每个响应添加标头 [英] automatically add header to every response
问题描述
我想添加这个标题访问控制允许原始,*到每一个响应作出给客户端每当一个请求已经使我的应用程序中的rest控制器允许跨源资源共享目前我'm手动将此标头添加到每个方法,例如
I want to add this header "Access-Control-Allow-Origin", "*" to every response made to the client whenever a request has made for rest controllers in my application to allow cross origin resource sharing Currently I 'm manually adding this header to each and every method like this
HttpHeaders headers = new HttpHeaders();
headers.add("Access-Control-Allow-Origin", "*");
它的工作但非常令人沮丧。我在spring docs中找到了webContentInterceptor,它允许我们修改每个响应的标题。
Its working but its very frustrating . I found webContentInterceptor in spring docs which allow us to modify headers on each response
<mvc:interceptors>
<bean id="webContentInterceptor"
class="org.springframework.web.servlet.mvc.WebContentInterceptor">
<property name="Access-Control-Allow-Origin" value="*"/>
</bean>
</mvc:interceptors>
但是当我使用它时,会抛出一个错误,找不到名为Access-Control-Allow-Origin所以有任何其他方式,我们可以自动添加标题到每个响应
but when i use this it throws error that property not found of name Access-Control-Allow-Origin so is there any other way we can automatically add header to every response
更新! Spring框架4.2通过向方法或控制器本身添加@CrossOrigin注释大大简化了这一点 https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
Update ! Spring framework 4.2 greatly simplifies this by adding @CrossOrigin annotation to either a method or a controller itself https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
推荐答案
我最近遇到了这个问题,并找到了这个解决方案。
您可以使用过滤器添加这些头:
I recently got into this issue and found this solution. You can use a filter to add these headers :
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;
public class CorsFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
response.addHeader("Access-Control-Allow-Origin", "*");
if (request.getHeader("Access-Control-Request-Method") != null
&& "OPTIONS".equals(request.getMethod())) {
// CORS "pre-flight" request
response.addHeader("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE");
response.addHeader("Access-Control-Allow-Headers",
"X-Requested-With,Origin,Content-Type, Accept");
}
filterChain.doFilter(request, response);
}
}
不要忘记添加过滤器到你的spring上下文:
Don't forget add the filter to your spring context:
<bean id="corsFilter" class="my.package.CorsFilter" />
和web.xml中的映射:
and the mapping in the web.xml:
<filter>
<filter-name>corsFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>corsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
要更进一步,你可以指定一个Spring配置文件来启用或禁用这个过滤器:
To go a little further you can specify a Spring profile to enable or disable this filter with something like that:
<beans profile="!cors">
<bean id="corsFilter" class="my.package.FilterChainDoFilter" />
</beans>
<beans profile="cors">
<bean id="corsFilter" class="my.package.CorsFilter" />
</beans>
(提供FilterChainDoFilter类似于CorsFilter,但只有 filterChain.doFilter (request,response);
在doFilterInternal(..)中)
(providing the FilterChainDoFilter similar to the CorsFilter but which only does filterChain.doFilter(request, response);
in the doFilterInternal(..))
这篇关于自动向每个响应添加标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!