Web开发跨域请求控制
前端
// Cross-origin JSON POST that carries the user's cookies. The browser only exposes
// the response to the page if the server opts in through its CORS response headers.
$.ajax({
url : 'http://ip:port/corsrequest',
data : data,
dataType: 'json',
type : 'POST',
xhrFields: {
// Makes the browser attach cookies to the cross-origin request.
// The response is readable only if the server replies with
// Access-Control-Allow-Credentials: true and a specific (non-wildcard)
// Access-Control-Allow-Origin value.
withCredentials: true
},
// Forces jQuery to treat the request as cross-domain (jQuery normally detects this
// itself). It grants no permission: access is decided by the server's CORS headers.
crossDomain: true,
// application/json is not a CORS-safelisted content type, so the browser sends a
// preflight OPTIONS request first; the server has to answer it with matching
// Access-Control-Allow-Methods / Access-Control-Allow-Headers.
contentType: "application/json",
...
服务器端
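/**
 * Handles {@code /corsrequest} and adds the CORS response headers that let
 * trusted cross-origin pages call it with cookies.
 *
 * <p>The {@code Origin} request header is supplied by the client and is echoed
 * back only after its host has been matched against the trusted domain. A
 * substring test such as {@code contains("mydomain.com")} also accepts hosts
 * that merely embed that text (for example {@code mydomain.com.other.example}
 * or {@code notmydomain.com}); combined with
 * {@code Access-Control-Allow-Credentials: true} that would let any such site
 * read authenticated responses.
 *
 * @param response servlet response that receives the CORS headers
 * @return the response body map (its construction is elided in this listing)
 */
@RequestMapping(value = "/corsrequest")
@ResponseBody
public Map<String, Object> getUserBaseInfo(HttpServletResponse response) {
    // NOTE(review): `request` is not a parameter of this method; presumably an
    // injected HttpServletRequest field -- confirm against the enclosing class.
    String origin = request.getHeader("Origin");

    // The headers below depend on the request's Origin, so shared caches must
    // not reuse a response generated for one origin when serving another.
    response.addHeader("Vary", "Origin");

    // "Access-Control-Allow-Origin: *" (allow every site) is not an option here:
    // browsers refuse the wildcard on credentialed requests, and reflecting an
    // unchecked Origin instead would be equivalent to trusting every site.
    if (isTrustedOrigin(origin)) {
        response.setHeader("Access-Control-Allow-Origin", origin);
        // Only advertise credential support to origins that passed the check.
        response.setHeader("Access-Control-Allow-Credentials", "true");
    }
    ...
}

/**
 * Decides whether an {@code Origin} header value belongs to the trusted site.
 *
 * <p>Accepts {@code mydomain.com} itself and its subdomains, compared on the
 * parsed host rather than on the raw string. Every subdomain is trusted with
 * credentialed access; an explicit list of full origins is tighter if the set
 * of front-ends is known.
 *
 * @param origin raw {@code Origin} header value, may be {@code null}
 * @return {@code true} only for a well-formed origin whose host is trusted
 */
private static boolean isTrustedOrigin(String origin) {
    if (origin == null) {
        // No Origin header (e.g. non-browser client): nothing to allow, and
        // the original code would have thrown a NullPointerException here.
        return false;
    }
    final String host;
    try {
        host = new java.net.URI(origin).getHost();
    } catch (java.net.URISyntaxException malformed) {
        return false;
    }
    if (host == null) {
        // Covers the literal "null" origin and values without an authority part.
        return false;
    }
    // NOTE(review): the scheme is not checked; if the site is served only over
    // TLS, additionally require "https" so plain-http origins are not trusted.
    String normalized = host.toLowerCase(java.util.Locale.ROOT);
    return normalized.equals("mydomain.com") || normalized.endsWith(".mydomain.com");
}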