我们正在尝试在tomcat上实施CORS过滤器,以允许跨域请求。我们在两个不同的tomcat(不同的机器)上都有两个GWT项目。阅读了CORS过滤器文档CORS之后,我刚刚在tomcat的web.xml文件中添加了CORS过滤器。
`<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>`
但是它不起作用。我遇到了另一个与此相关的堆栈问题,但是有点困惑如何在GWT中实现过滤器?
用GWT实施CORS过滤器的实际程序是什么?
Filter像下面这样在服务器端扩展并添加类: 注意:这只是一个简单的示例,可以帮助您开始。告知自己有关的安全隐患,如果你不配置它以正确的方式… 检查的最后一部分,这篇文章
Filter
public class CORSFilter implements Filter { // For security reasons set this regex to an appropriate value // example: ".*example\\.com" private static final String ALLOWED_DOMAINS_REGEXP = ".*"; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) servletRequest; HttpServletResponse resp = (HttpServletResponse) servletResponse; String origin = req.getHeader("Origin"); if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) { resp.addHeader("Access-Control-Allow-Origin", origin); if ("options".equalsIgnoreCase(req.getMethod())) { resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"); if (origin != null) { String headers = req.getHeader("Access-Control-Request-Headers"); String method = req.getHeader("Access-Control-Request-Method"); resp.addHeader("Access-Control-Allow-Methods", method); resp.addHeader("Access-Control-Allow-Headers", headers); // optional, only needed if you want to allow cookies. resp.addHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("text/x-gwt-rpc"); } resp.getWriter().flush(); return; } } // Fix ios6 caching post requests if ("post".equalsIgnoreCase(req.getMethod())) { resp.addHeader("Cache-Control", "no-cache"); } if (filterChain != null) { filterChain.doFilter(req, resp); } } @Override public void destroy() { } @Override public void init(FilterConfig arg0) throws ServletException { } }
不要忘记Filter在Web.xml(在WAR文件内,而不是tomcat web.xml内)文件中添加。
<filter> <filter-name>corsFilter</filter-name> <filter-class><YourProjectPath>.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>corsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
