|
|
@@ -55,12 +55,10 @@ public class CORSFilter implements Filter {
|
|
|
}
|
|
|
|
|
|
// Host头验证
|
|
|
- log.warn("-------Host头验证开始-------");
|
|
|
if(!validateHostHeader(httpRequest, response)){
|
|
|
log.warn("Host头验证白名单失败",ALLOWED_HOSTS);
|
|
|
return; // 验证失败已设置响应
|
|
|
}
|
|
|
- log.warn("-------Host头验证结束-------");
|
|
|
// === Host头验证结束 ===
|
|
|
// response.setHeader("Access-Control-Allow-Origin", "*");
|
|
|
// response.setHeader("Access-Control-Max-Age", "3600");
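Review bot: The surviving call `log.warn("Host头验证白名单失败",ALLOWED_HOSTS);` inside the `if(!validateHostHeader(httpRequest, response))` branch has no `{}` placeholder, so with a parameterized logger (which the `{}` added in the next hunk suggests) the argument is dropped and the allowlist never reaches the log. This commit fixes the same mistake for ALLOWED_CORSES but leaves this line as it was. A rejected Host header is the event a responder will search for, so the line should record the offending value as well as the allowlist, for example `log.warn("Host头验证白名单失败, Host:{}, ALLOWED_HOSTS:{}", httpRequest.getHeader("Host"), ALLOWED_HOSTS);`, with CR/LF stripped from the header value first because it is client-controlled. The enclosing filter method starts and ends outside this hunk.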
|
|
|
@@ -68,20 +66,19 @@ public class CORSFilter implements Filter {
|
|
|
// response.setHeader("Access-Control-Allow-Credentials", "true");
|
|
|
// response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
|
|
|
/**Origin验证*/
|
|
|
- log.warn("-------Origin头验证开始-------");
|
|
|
// 1. 获取请求的 Origin(跨域请求会带这个头)
|
|
|
String origin = httpRequest.getHeader("Origin");
|
|
|
|
|
|
// 2. 不存在启用的CORS跨域白名单配置,直接跳过
|
|
|
refreshHostWhitelistIfNeeded("CORS");
|
|
|
if(ALLOWED_CORSES.contains("N999999")){
|
|
|
- log.warn("没有配置参数1:",ALLOWED_CORSES);
|
|
|
+ log.warn("不存在启用的CORS跨域白名单配置,ALLOWED_CORSES:{}",ALLOWED_CORSES);
|
|
|
filterChain.doFilter(httpRequest, response);
|
|
|
return;
|
|
|
}
|
|
|
//3.无Origin头(同源请求或非浏览器请求),跳过
|
|
|
if (origin == null) {
|
|
|
- log.warn("没有配置参数2:",ALLOWED_CORSES);
|
|
|
+ log.warn("origin 值为null");
|
|
|
filterChain.doFilter(httpRequest, response);
|
|
|
return;
|
|
|
}
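Review bot: The new `log.warn("origin 值为null");` in the `if (origin == null)` branch fires at WARN for every request without an Origin header, which the comment above it describes as same-origin or non-browser requests, in other words normal traffic. The `ALLOWED_CORSES.contains("N999999")` branch likewise logs at WARN on every request while no allowlist is enabled. At that volume the rejected-origin warnings are buried; I would use `log.debug("origin 值为null");` here and report the missing-allowlist condition once, where `refreshHostWhitelistIfNeeded("CORS")` loads the configuration. That branch also skips the Origin check entirely, so it is worth confirming (the loader is not visible in this hunk) that a failed refresh cannot leave the `N999999` sentinel in place and silently disable the check.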
|
|
|
@@ -105,7 +102,7 @@ public class CORSFilter implements Filter {
|
|
|
response.setStatus(HttpServletResponse.SC_OK);
|
|
|
return;
|
|
|
}*/
|
|
|
- log.warn("合法的跨域请求ALLOWED_CORSES:{}->->requestDomain:{}",requestDomain,currentDomain);
|
|
|
+ //log.warn("合法的跨域请求ALLOWED_CORSES:{}->->requestDomain:{}",requestDomain,currentDomain);
|
|
|
filterChain.doFilter(httpRequest, response);
|
|
|
} else {
|
|
|
// 情况4:非法的跨域请求
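Review bot: Commenting out the accepted-request log leaves dead code in the filter and removes the only record of which cross-origin requests were allowed. The original message was also mislabelled: the `ALLOWED_CORSES:{}` placeholder received `requestDomain` and the `requestDomain:{}` placeholder received `currentDomain`. I would either delete the line or keep it at debug level with labels that match the arguments, `log.debug("合法的跨域请求 requestDomain:{} currentDomain:{}", requestDomain, currentDomain);`. The `if`/`else` this line belongs to starts and ends outside the hunk.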
|