@@ -35,21 +35,21 @@ public class SessionFilter implements Filter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse)servletResponse;
HttpServletRequest request = (HttpServletRequest)servletRequest;
-// String origin = request.getHeader("Origin");
-// if(origin == null) {
-// origin = request.getHeader("Referer");
-// }
-// // 允许指定域访问跨域资源(这里不能写*,*代表接受所有域名访问,如写*则下面一行代码无效。谨记)
-// httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
+ if(request.getMethod().toUpperCase().equals(RestRequest.Method.OPTIONS.name())){
+ return;
+ }
+ String origin = request.getHeader("Origin");
+ if(origin == null) {
+ origin = request.getHeader("Referer");
+ }
+ // 允许指定域访问跨域资源(这里不能写*,*代表接受所有域名访问,如写*则下面一行代码无效。谨记)
+ httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
// //true代表允许客户端携带cookie(此时origin值不能为“*”,只能为指定单一域名)
// httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
// /// 允许浏览器在预检请求成功之后发送的实际请求方法名
// httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
// // 允许浏览器发送的请求消息头
// httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");
- if(request.getMethod().toUpperCase().equals(RestRequest.Method.OPTIONS.name())){
- return;
- }
String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");
boolean allowedPath = ALLOWED_PATHS.contains(path);
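Review bot: The re-enabled `setHeader("Access-Control-Allow-Origin", origin)` echoes whatever the request sends in `Origin` (or, failing that, `Referer`) without comparing it to any list of trusted origins, so any site that can make a browser call this filter's paths is told it may read the response. The `Referer` fallback is also not a valid value for this header, since it is a full URL rather than an origin, and when both headers are absent `origin` is still null at the `setHeader` call. The credentials header below is still commented out, which limits the impact today, but turning it on with this reflection in place would expose authenticated responses to every origin. Because the OPTIONS early return now sits above the header, preflight responses appear to leave without any CORS header; if that is intended it deserves a comment. I would set the header only on an exact match against a configured allowlist and add `Vary: Origin`, as sketched below with a new `ALLOWED_ORIGINS` set that does not exist on the page; `doFilter` continues beyond the hunk.

```java
// … unchanged: request/response casts, OPTIONS early return …
String origin = request.getHeader("Origin");
// ALLOWED_ORIGINS: placeholder for a new Set<String> of exact trusted origins, to be defined and configured
if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
    httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
    // The response now differs per Origin, so shared caches must key on it
    httpServletResponse.addHeader("Vary", "Origin");
}
// … unchanged: path computation and ALLOWED_PATHS check …
```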