spring-cloud-gateway跨域的坑

作者: 邓立_全栈UncleLi | 来源:发表于2019-08-19 13:59 被阅读0次

spring-cloud-gateway跨域的坑
跨域问题剖析
SpringBoot 实现前后端分离的跨域访问（CORS）
Nginx 允许子域名通配符跨域
跨域踩坑
关于防盗链与跨域访问
深入跨域问题(3) - 利用 JSONP 解决跨域
Web前后端跨域问题处理
关于设置env等环境变量的思考
跨域问题详解分析

开始的时候找了很多种办法，，包括在gateway服务的application.yml写了的配置都没有生效
如
一、

spring:
  cloud:
    gateway:      
      globalcors:        
        corsConfigurations:
          '[/**]': 
            allowedOrigins: "*" 
            allowedMethods: "*"

二、

spring:
  cloud:
    gateway:
      routes:
      - id: dedupe_response_header_route
        uri: http://shaguo
        filters:
        - AddResponseHeader=Access-Control-Allow-Origin

也包括应用服务写全局拦截器（不是gateway服务），也没有用

package com.kfz.config

import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
public class CrossOriginFilter implements GlobalFilter, Ordered {
    private static final String ALL = "*";
    private static final String MAX_AGE = "18000L";


    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        ServerHttpRequest request = serverWebExchange.getRequest();
//        if (!CorsUtils.isCorsRequest(request)) {
//            return gatewayFilterChain.filter(serverWebExchange);
//        }
        ServerHttpResponse response = serverWebExchange.getResponse();
        HttpHeaders headers = response.getHeaders();
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "POST, GET, PUT, OPTIONS, DELETE, PATCH");
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "*");
        headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL);
        headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
        if (request.getMethod() == HttpMethod.OPTIONS) {
            response.setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }
        return gatewayFilterChain.filter(serverWebExchange);
    }

    @Override
    public int getOrder() {
        return -300;
    }
}

最后在github找到了答案，说需要重新定义配置，否则配置为空，spring-cloud-gateway默认采用webflux拦截，用以下代码写在gateway服务可以关闭默认webflux拦截，开启自定义拦截，如下图的configA、configB

例图

最后成功的方式是在gateway服务加上以下拦截器就好了

package com.kfz.gateway;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.util.pattern.PathPatternParser;

@Configuration
public class CorsConfig {
    @Bean
    public CorsWebFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedMethod("*");
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
        source.registerCorsConfiguration("/**", config);

        return new CorsWebFilter(source);
    }
}