Tomcat 8系列笔记:tomcat8.5.41版本 CorsFilter 跨域设置的问题

<filter>
     <filter-name>CorsFilter</filter-name>
     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
     <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
      </init-param>
      <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
      </init-param>
      <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>cors.preflight.maxage</param-name>
        <param-value>10</param-value>
      </init-param>
     </filter>

tomcat的从8.5.33版本开始,如果 orign 设置为 * ,就不再允许credentials 设置为true 。

8.5.41 CORS配置官方文档说明:http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Add_Default_Character_Set_Filter/Initialisation_parameters

 


版权声明:本文为wngpenghao原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。