
Commit 76da576

committed
update cors
1 parent ea9ad0e commit 76da576


3 files changed

+5
-14
lines changed


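--- a/java-sec-code.iml
+++ b/java-sec-code.iml
@@ -59,7 +59,7 @@
 <orderEntry type="library" name="Maven: org.codehaus.groovy:groovy:2.4.7" level="project" />
 <orderEntry type="library" name="Maven: mysql:mysql-connector-java:8.0.12" level="project" />
 <orderEntry type="library" name="Maven: com.google.protobuf:protobuf-java:2.6.0" level="project" />
-<orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.48" level="project" />
+<orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.24" level="project" />
 <orderEntry type="library" name="Maven: org.jdom:jdom2:2.0.6" level="project" />
 <orderEntry type="library" name="Maven: org.dom4j:dom4j:2.1.1" level="project" />
 <orderEntry type="library" name="Maven: com.google.guava:guava:21.0" level="project" />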

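--- a/pom.xml
+++ b/pom.xml
@@ -82,12 +82,6 @@
 <version>21.0</version>
 </dependency>
 
-<dependency>
-<groupId>com.google.guava</groupId>
-<artifactId>guava</artifactId>
-<version>21.0</version>
-</dependency>
-
 <dependency>
 <groupId>commons-collections</groupId>
 <artifactId>commons-collections</artifactId>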

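--- a/src/main/java/org/joychou/controller/CORS.java
+++ b/src/main/java/org/joychou/controller/CORS.java
@@ -27,19 +27,17 @@ public class CORS {
 private static String vuls1(HttpServletRequest request, HttpServletResponse response) {
 // 获取Header中的Origin
 String origin = request.getHeader("origin");
-
 response.setHeader("Access-Control-Allow-Origin", origin); // 设置Origin值为Header中获取到的
-// response.setHeader("Access-Control-Allow-Methods", "POST, GET");
 response.setHeader("Access-Control-Allow-Credentials", "true"); // cookie
 return info;
 }
 
 @RequestMapping("/vuls2")
 @ResponseBody
 private static String vuls2(HttpServletResponse response) {
+// 不建议设置为*
+// 后端设置Access-Control-Allow-Origin为*的情况下,跨域的时候前端如果设置withCredentials为true会异常
 response.setHeader("Access-Control-Allow-Origin", "*");
-// response.setHeader("Access-Control-Allow-Methods", "POST, GET");
-// response.setHeader("Access-Control-Allow-Credentials", "true");
 return info;
 }
 
@@ -61,9 +59,8 @@ private static String seccode(HttpServletRequest request, HttpServletResponse re
 if ( origin != null && !sec.checkSafeUrl(origin, urlwhitelist) ) {
 return "Origin is not safe.";
 }
-response.setHeader("Access-Control-Allow-Origin", "*");
-// response.setHeader("Access-Control-Allow-Methods", "POST, GET");
-// response.setHeader("Access-Control-Allow-Credentials", "true");
+response.setHeader("Access-Control-Allow-Origin", origin);
+response.setHeader("Access-Control-Allow-Credentials", "true");
 return info;
 }
 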
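Review bot: In `seccode`, a request without an `Origin` header bypasses the whitelist test (`origin != null && ...`) and still reaches the two new `setHeader` calls, so `Access-Control-Allow-Origin` is set from a null value and `Access-Control-Allow-Credentials: true` is sent unconditionally. The CORS headers should be emitted only for a non-null origin that passed the check, for example by adding `if (origin == null) { return info; }` before them. Because the response now varies by request origin, `response.setHeader("Vary", "Origin");` should be added so a shared cache cannot replay one origin's allow header to another. With the origin reflected alongside credentials, `checkSafeUrl` is the only remaining control; its body is not visible here, so it is worth confirming that it compares scheme, host and port exactly rather than by substring or suffix. The start of `seccode` lies outside the hunk.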
