|
|
@@ -98,7 +98,7 @@ public class CORSFilter implements Filter {
|
|
|
// 有Origin头(可能是跨域)
|
|
|
String currentDomain = httpRequest.getScheme() + "://" + httpRequest.getServerName();
|
|
|
|
|
|
- if (requestDomain.equals(serverDomain)) {
|
|
|
+ if (requestDomain.equals(currentDomain)) {
|
|
|
// 情况2:同源请求(协议+域名相同,端口不同也视为同源)
|
|
|
filterChain.doFilter(httpRequest, response);
|
|
|
} else if (bmd.contains(requestDomain)) {
|
|
|
@@ -111,7 +111,8 @@ public class CORSFilter implements Filter {
|
|
|
filterChain.doFilter(httpRequest, response);
|
|
|
} else {
|
|
|
// 情况4:非法的跨域请求
|
|
|
- log.warn("跨域请求被拒绝:origin{} → {}", origin, httpRequest.getRequestURI());
|
|
|
+ log.warn("跨域请求被拒绝:{} → {}", origin, httpRequest.getRequestURI());
|
|
|
+ log.warn("requestDomain:{} → serverDomain:{}->currentDomain:{}", requestDomain, httpRequest.getRequestURI(),currentDomain);
|
|
|
response.setStatus(HttpServletResponse.SC_FORBIDDEN);//403
|
|
|
response.getWriter().write("Cross-origin request not allowed");
|
|
|
}
|
xiexh