| package com.jilongda.common.config; | 
|   | 
| import org.springframework.context.annotation.Bean; | 
| import org.springframework.context.annotation.Configuration; | 
| import org.springframework.http.HttpHeaders; | 
| import org.springframework.http.HttpMethod; | 
| import org.springframework.http.HttpStatus; | 
| import org.springframework.http.server.reactive.ServerHttpRequest; | 
| import org.springframework.http.server.reactive.ServerHttpResponse; | 
| import org.springframework.web.cors.CorsConfiguration; | 
| import org.springframework.web.cors.UrlBasedCorsConfigurationSource; | 
| import org.springframework.web.cors.reactive.CorsUtils; | 
| import org.springframework.web.filter.CorsFilter; | 
| import org.springframework.web.server.ServerWebExchange; | 
| import org.springframework.web.server.WebFilter; | 
| import org.springframework.web.server.WebFilterChain; | 
| import reactor.core.publisher.Mono; | 
|   | 
| import java.util.Collections; | 
|   | 
| /** | 
|  * 实现基本的跨域请求 | 
|  * 2.4.0 通多配置 | 
|  * | 
|  * @author xiaochen | 
|  * @Override public void addCorsMappings(CorsRegistry registry) { | 
|  * registry.addMapping("/**") | 
|  * // SpringBoot2.4.0 [allowedOriginPatterns]代替[allowedOrigins] | 
|  * .allowedOriginPatterns("*") | 
|  * .allowedMethods("*") | 
|  * .maxAge(3600) | 
|  * .allowCredentials(true); | 
|  * } | 
|  */ | 
| @Configuration | 
| public class CorsConfig { | 
|   | 
|     private static final String ALLOWED_HEADERS = "X-Requested-With, Content-Type, Authorization, credential, X-XSRF-TOKEN, token, username, client, request-origion"; | 
|     private static final String ALLOWED_METHODS = "GET,POST,PUT,DELETE"; | 
|     private static final String ALLOWED_ORIGIN = "*"; | 
|     private static final String ALLOWED_EXPOSE = "*"; | 
|     private static final String MAX_AGE = "18000L"; | 
|   | 
|     private CorsConfiguration buildConfig() { | 
|         CorsConfiguration corsConfiguration = new CorsConfiguration(); | 
|         //1.允许任何来源 | 
|         corsConfiguration.setAllowedOriginPatterns(Collections.singletonList("*")); | 
|         //2.允许任何请求头 | 
|         corsConfiguration.addAllowedHeader(CorsConfiguration.ALL); | 
|         //3.允许任何方法 | 
|         corsConfiguration.addAllowedMethod(CorsConfiguration.ALL); | 
|         //4.允许凭证 | 
|         corsConfiguration.setAllowCredentials(true); | 
|         return corsConfiguration; | 
|     } | 
|   | 
|     @Bean | 
|     public WebFilter corsFilter() { | 
|         return (ServerWebExchange ctx, WebFilterChain chain) -> { | 
|             ServerHttpRequest request = ctx.getRequest(); | 
|             if (CorsUtils.isCorsRequest(request)) | 
|             { | 
|                 ServerHttpResponse response = ctx.getResponse(); | 
|                 HttpHeaders headers = response.getHeaders(); | 
|                 headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS); | 
|                 headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); | 
|                 headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); | 
|                 headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE); | 
|                 headers.add("Access-Control-Max-Age", MAX_AGE); | 
|                 headers.add("Access-Control-Allow-Credentials", "false"); | 
|                 if (request.getMethod() == HttpMethod.OPTIONS) | 
|                 { | 
|                     response.setStatusCode(HttpStatus.OK); | 
|                     return Mono.empty(); | 
|                 } | 
|             } | 
|             return chain.filter(ctx); | 
|         }; | 
|     } | 
|   | 
| } |