SpringBoot允许跨域访问

当它请求的一个资源是从一个与它本身提供的第一个资源的不同的域名时，一个资源会发起一个跨域HTTP请求(Cross-site HTTP request)。

一般都是异步请求会有这个问题，比如：Ajax，XMLHttpRequest等

使用@Configuration（推荐）

import org.springframework.context.annotation.Bean;  
import org.springframework.context.annotation.Configuration;  
import org.springframework.web.cors.CorsConfiguration;  
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;  
import org.springframework.web.filter.CorsFilter;  
  
@Configuration  
public class CorsConfig {
    @Bean  
    public CorsFilter corsFilter() {  
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();  
        source.registerCorsConfiguration("/**", buildConfig()); 
        return new CorsFilter(source);  
    }  
    
   private CorsConfiguration buildConfig() {  
        CorsConfiguration corsConfiguration = new CorsConfiguration();  
        // 1允许任何域名使用
        corsConfiguration.addAllowedOrigin("*"); 
        // 2允许任何头
        corsConfiguration.addAllowedHeader("*"); 
         // 3允许任何方法（post、get等） 
        corsConfiguration.addAllowedMethod("*");
        return corsConfiguration;  
    }  
}

使用Filter

import javax.servlet.*;  
import javax.servlet.http.HttpServletResponse;  
import java.io.IOException;  

@Component  
public class CorsFilter implements Filter {  
  
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {  
        HttpServletResponse response = (HttpServletResponse) res;  
        response.setHeader("Access-Control-Allow-Origin", "*");  
        response.setHeader("Access-Control-Allow-Methods", "POST, GET");  
        response.setHeader("Access-Control-Max-Age", "3600");  
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");   
        chain.doFilter(req, res);  
    }  
    public void init(FilterConfig filterConfig) {}  
    public void destroy() {}  
}