Refactor Cors configuration

2019-02-20 18:26:34 +08:00 · 2019-02-20 18:26:34 +08:00 · ef38480dd7
parent b66637a6c8
commit ef38480dd7
2 changed files with 71 additions and 15 deletions
--- a/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java
+++ b/src/main/java/cc/ryanc/halo/config/WebMvcAutoConfiguration.java
@ -1,15 +1,18 @@
 package cc.ryanc.halo.config;

+import cc.ryanc.halo.filter.CorsFilter;
 import cc.ryanc.halo.web.interceptor.ApiInterceptor;
 import cc.ryanc.halo.web.interceptor.InstallInterceptor;
 import cc.ryanc.halo.web.interceptor.LocaleInterceptor;
 import cc.ryanc.halo.web.interceptor.LoginInterceptor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.Ordered;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.*;
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@ -92,24 +95,40 @@ public class WebMvcAutoConfiguration implements WebMvcConfigurer {
                .addResourceLocations("file:///" + System.getProperties().getProperty("user.home") + "/halo/backup/");
    }

+//    /**
+//     * 跨域
+//     *
+//     * @param registry registry
+//     */
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        registry.addMapping("/api/**")
+//                .allowedHeaders("*")
+//                .allowedOrigins("*")
+//                .allowedMethods("GET", "POST")
+//                .exposedHeaders("access-control-allow-headers",
+//                        "access-control-allow-methods",
+//                        "access-control-allow-origin",
+//                        "access-control-max-age",
+//                        "X-Frame-Options",
+//                        "token")
+//                .allowCredentials(false).maxAge(3600);
+//    }
+
    /**
-     * 跨域
+     * Creates a CorsFilter.
     *
-     * @param registry registry
+     * @return Cors filter registration bean
     */
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/api/**")
-                .allowedHeaders("*")
-                .allowedOrigins("*")
-                .allowedMethods("GET", "POST")
-                .exposedHeaders("access-control-allow-headers",
-                        "access-control-allow-methods",
-                        "access-control-allow-origin",
-                        "access-control-max-age",
-                        "X-Frame-Options",
-                        "token")
-                .allowCredentials(false).maxAge(3600);
+    @Bean
+    FilterRegistrationBean<CorsFilter> corsFilter() {
+        FilterRegistrationBean<CorsFilter> corsFilter = new FilterRegistrationBean<>();
+
+        corsFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        corsFilter.setFilter(new CorsFilter());
+        corsFilter.addUrlPatterns("/api/*");
+
+        return corsFilter;
    }

    /**
--- a/src/main/java/cc/ryanc/halo/filter/CorsFilter.java
+++ b/src/main/java/cc/ryanc/halo/filter/CorsFilter.java
@ -0,0 +1,37 @@
+package cc.ryanc.halo.filter;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.cors.CorsUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Filter for CORS.
+ *
+ * @author johnniang
+ */
+public class CorsFilter extends OncePerRequestFilter {
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+
+        // Set customized header
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTION");
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "false");
+        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");
+
+        if (CorsUtils.isPreFlightRequest(httpServletRequest)) {
+            return;
+        }
+
+        filterChain.doFilter(httpServletRequest, httpServletResponse);
+    }
+
+}