diff --git a/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java b/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java
index 27e4737c8..52c5f3b94 100644
--- a/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java
+++ b/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java
@@ -1,15 +1,18 @@
 package cc.ryanc.halo.config;
+import cc.ryanc.halo.filter.CorsFilter;
 import cc.ryanc.halo.web.interceptor.ApiInterceptor;
 import cc.ryanc.halo.web.interceptor.InstallInterceptor;
 import cc.ryanc.halo.web.interceptor.LocaleInterceptor;
 import cc.ryanc.halo.web.interceptor.LoginInterceptor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.Ordered;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.*;
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@@ -92,24 +95,40 @@ public class WebMvcAutoConfiguration implements WebMvcConfigurer {
 .addResourceLocations("file:///" + System.getProperties().getProperty("user.home") + "/halo/backup/");
 }
+// /**
+// * 跨域
+// *
+// * @param registry registry
+// */
+// @Override
+// public void addCorsMappings(CorsRegistry registry) {
+// registry.addMapping("/api/**")
+// .allowedHeaders("*")
+// .allowedOrigins("*")
+// .allowedMethods("GET", "POST")
+// .exposedHeaders("access-control-allow-headers",
+// "access-control-allow-methods",
+// "access-control-allow-origin",
+// "access-control-max-age",
+// "X-Frame-Options",
+// "token")
+// .allowCredentials(false).maxAge(3600);
+// }
+
 /**
- * 跨域
+ * Creates a CorsFilter.
 *
- * @param registry registry
+ * @return Cors filter registration bean
 */
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/api/**")
- .allowedHeaders("*")
- .allowedOrigins("*")
- .allowedMethods("GET", "POST")
- .exposedHeaders("access-control-allow-headers",
- "access-control-allow-methods",
- "access-control-allow-origin",
- "access-control-max-age",
- "X-Frame-Options",
- "token")
- .allowCredentials(false).maxAge(3600);
+ @Bean
+ FilterRegistrationBean corsFilter() {
+ FilterRegistrationBean corsFilter = new FilterRegistrationBean<>();
+
+ corsFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ corsFilter.setFilter(new CorsFilter());
+ corsFilter.addUrlPatterns("/api/*");
+
+ return corsFilter;
 }
 /**
diff --git a/src/main/java/cc/ryanc/halo/filter/CorsFilter.java b/src/main/java/cc/ryanc/halo/filter/CorsFilter.java
new file mode 100644
index 000000000..dd8a057e3
--- /dev/null
+++ b/src/main/java/cc/ryanc/halo/filter/CorsFilter.java
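Review bot: The 19 commented-out lines of the old `addCorsMappings` override in WebMvcAutoConfiguration should be deleted rather than kept above `corsFilter()`; version control already holds them, and a disabled CORS policy that differs from the live one makes it unclear which rules apply to `/api`. The Javadoc on `corsFilter()` could carry the useful part instead, for example `Registers CorsFilter for /api/* at highest precedence, so preflight requests are answered by it and never reach the rest of the chain.` As rendered here, `FilterRegistrationBean` is declared without a type argument while the constructor uses `<>`; if the file really reads that way (the page may have stripped it), declare `FilterRegistrationBean<CorsFilter>` to avoid the raw type.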
@@ -0,0 +1,37 @@
+package cc.ryanc.halo.filter;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Filter for CORS.
+ *
+ * @author johnniang
+ */
+public class CorsFilter extends OncePerRequestFilter {
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+
+ // Set customized header
+ httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+ httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
+ httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTION");
+ httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "false");
+ httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
+
+ if (CorsUtils.isPreFlightRequest(httpServletRequest)) {
+ return;
+ }
+
+ filterChain.doFilter(httpServletRequest, httpServletResponse);
+ }
+
+}
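Review bot: `Access-Control-Allow-Methods` in `doFilterInternal` is set to `"GET, POST, PUT, DELETE, OPTION"`, and `OPTION` is not an HTTP method, so the value should read `"GET, POST, PUT, DELETE, OPTIONS"`. The filter also no longer sends `Access-Control-Expose-Headers`, which the removed `addCorsMappings` set to a list that included `token`; if API clients on another origin read that response header, add `httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "token");`. Compared with the old mapping, any origin is now allowed PUT and DELETE as well as GET and POST, so if the API accepts a token in a request header, consider replacing the `*` origin with a configured allow-list and sending `Vary: Origin`. `Access-Control-Allow-Credentials` has only one defined value, `true`, so the line that sets it to `"false"` can be dropped.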