服务端是写的servlet,在编写AJAX对服务端请求时出现
报错代码: ccess to XMLHttpRequest at ‘http://localhost:8080/searchuser1?searchword=undefined’ from origin ‘null’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
首先F12打开点击networ查看是否发送请求,看到是的一个OPTION请求,我在AJAX中写的GET请求,这里却是OPTION所以很疑惑 百度了一下:
Ajax在发送get/post之前会先发送一个option请求,看看是否正确,如果是拒绝性质(404,403,500)的,就会停止请求。
相关文章在这:https://www.cnblogs.com/wanghuijie/p/preflighted_request.html 在java端过滤器上添加代码:
@Override protected void doOptions(HttpServletRequest request, HttpServletResponse response) { response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Credentials", "true"); response.setHeader("Access-Control-Allow-Methods", "*"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Authorization,Origin,X-Requested-With,Content-Type,Accept," + "content-Type,origin,x-requested-with,content-type,accept,authorization,token,id,X-Custom-Header,X-Cookie,Connection,User-Agent,Cookie,*"); response.setHeader("Access-Control-Request-Headers", "Authorization,Origin, X-Requested-With,content-Type,Accept"); response.setHeader("Access-Control-Expose-Headers", "*"); }如果拦截到的请求不是项目中常规的GET或者POST请求,则该拦截器直接放行
在servlet 的controller添加代码:
resp.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); resp.setHeader("Access-Control-Max-Age", "3600"); resp.setHeader("Access-Control-Allow-Headers", "x-requested-with"); resp.setHeader("Access-Control-Allow-Origin", "*"); /*resp.setContentType("application/json");*/ resp.setContentType("text/json; charset=utf-8");//默认为text,输出json时需要声明允许跨域,编码为UTF-8
