跨域问题

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/web/CorsFilter.java

 package cn.quantgroup.cashloanflowboss.core.configuration.web;
 
+import lombok.extern.slf4j.Slf4j;
+
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
@@ -11,6 +13,7 @@ import java.io.IOException;
  * @author:tao
  * @create: 2020-01-06 18:50
  */
+@Slf4j
 @WebFilter(urlPatterns = "/*", filterName = "CORSFilter")
 public class CorsFilter implements Filter {
 
@@ -24,12 +27,23 @@ public class CorsFilter implements Filter {
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest req = (HttpServletRequest) servletRequest;
         HttpServletResponse resp = (HttpServletResponse) servletResponse;
+        log.info("CORSFilter");
         String origin = req.getHeader("Origin");
         if(origin == null) {
             origin = req.getHeader("Referer");
         }
         resp.setHeader("Access-Control-Allow-Origin", origin);//这里不能写*，*代表接受所有域名访问，如写*则下面一行代码无效。谨记
         resp.setHeader("Access-Control-Allow-Credentials", "true");//true代表允许携带cookie
+        //允许请求的类型
+        resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
+        //允许的请求头字段
+        resp.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+        //设置预检请求的有效期
+        //浏览器同源策略：出于安全考虑，浏览器限制跨域的http请求。怎样限制呢？通过发送两次请求：预检请求、用户请求。
+        //1、预检请求作用：获知服务器是否允许该跨域请求：如果允许，才发起第二次真实的请求；如果不允许，则拦截第二次请求
+        //2、单位:s,在此期间不用发送预检请求。
+        //3、若为0：表示每次请求都发送预检请求,每个ajax请求之前都会先发送预检请求。
+        resp.setHeader("Access-Control-Max-Age", "3600");
         filterChain.doFilter(servletRequest,servletResponse);
     }