zjs 1 ヶ月 前
コミット
63af0d6819
共有2 個のファイルを変更した18 個の追加2 個の削除を含む
  1. 4 0
      ruoyi-common/pom.xml
  2. 14 2
      ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

+ 4 - 0
ruoyi-common/pom.xml

@@ -227,6 +227,10 @@
227 227
             <artifactId>cas-client-autoconfig-support</artifactId>
228 228
             <version>2.0.0-GA</version>
229 229
         </dependency>
230
+        <dependency>
231
+            <groupId>org.springframework</groupId>
232
+            <artifactId>spring-webmvc</artifactId>
233
+        </dependency>
230 234
     </dependencies>
231 235
 
232 236
 </project>

+ 14 - 2
ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

@@ -8,6 +8,9 @@ import javax.servlet.*;
8 8
 import javax.servlet.http.HttpServletRequest;
9 9
 import javax.servlet.http.HttpServletResponse;
10 10
 import java.io.IOException;
11
+import java.util.Arrays;
12
+import java.util.HashSet;
13
+import java.util.Set;
11 14
 
12 15
 @Component
13 16
 @Order(Ordered.HIGHEST_PRECEDENCE)
@@ -20,9 +23,18 @@ public class RestCorsFilter implements Filter {
20 23
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
21 24
         HttpServletResponse response = (HttpServletResponse) res;
22 25
         HttpServletRequest request = (HttpServletRequest) req;
23
-        response.setHeader("Access-Control-Allow-Origin", "*"); // 可写成受信任的站点
26
+
27
+        String[] allowDomain={"http://10.152.72.7","http://10.152.70.21","http://10.152.72.5"};
28
+        Set<String> allowedOrigins=new HashSet<>(Arrays.asList(allowDomain));
29
+        String originHeader=request.getHeader("Origin");
30
+        if(allowedOrigins.contains(originHeader)){
31
+            response.setHeader("Access-Control-Allow-Origin",originHeader);
32
+        }else{
33
+            response.setHeader("Access-Control-Allow-Origin","https://***.***.com");
34
+        }
35
+        response.setHeader("Access-Control-Allow-Origin", "http://10.152.72.7"); // 可写成受信任的站点
24 36
         response.setHeader("Access-Control-Allow-Credentials","true");
25
-        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS ,DELETE,PUT");
37
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET,DELETE,PUT");
26 38
         response.setHeader("Access-Control-Max-Age", "31536000");
27 39
         response.setHeader("Access-Control-Allow-Headers", "*");
28 40
         if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {