后端ssm 前端ajax 跨域问题解决与引起的新的问题多次请求的sessionId不同

最新推荐文章于 2024-06-15 18:09:44 发布

原创最新推荐文章于 2024-06-15 18:09:44 发布 · 366 阅读

1 ·

本内容遵循CC 4.0 BY-SA版权协议

标签

#ajax #chrome

ssm 专栏收录该内容

2 篇文章

订阅专栏

博客主要围绕Ajax跨域及Chrome浏览器多次请求sessionId不一致问题展开。介绍了后端跨域代码及springMVC.xml配置，前端Ajax的相关设置。指出Chrome 80版本后SameSite属性变化导致跨域cookie无法携带，给出在Chrome中设置SameSite为disabled的解决办法。

后端

跨域代码

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author jjl
 * @create 2020-05-08 10:29
 */

public class SimpleCORSFilter implements Filter {
    private boolean isCross = false;

    public void destroy() {
        isCross = false;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (isCross) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            System.out.println("拦截请求: " + httpServletRequest.getServletPath());
            httpServletResponse.setHeader("Access-Control-Allow-Origin", request.getHeader("origin"));
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            httpServletResponse.setHeader("Access-Control-Max-Age", "0");
            httpServletResponse.setHeader("Access-Control-Allow-Headers",
                    "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
            httpServletResponse.setHeader("XDomainRequestAllowed", "1");
        }
        chain.doFilter(request, response);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String isCrossStr = filterConfig.getInitParameter("IsCross");
        isCross = isCrossStr.equals("true") ? true : false;
        System.out.println(isCrossStr);
    }
}

配置springMVC.xml

其它配置省略

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd">
 <!--     其它配置省略-->
 <!--     接口跨域配置-->
    <mvc:cors>
        <mvc:mapping path="/**"  allowed-origins="*"
                     allowed-methods="POST, GET, OPTIONS, DELETE, PUT"
                     allowed-headers="Content-Type,  Content-Length, Authorization, Accept, X-Requested-With, yourHeaderFeild"
                     allow-credentials="true" />
    </mvc:cors>
    
</beans>

前端ajax

xhrFields: { withCredentials: true },
crossDomain: true

$.ajax({
        type:type,
        url:baseUrl+url,
        data: JSON.stringify(data),
        //关闭默认的contentType(默认的形式是表单)
        contentType: false,
        /设置新的contentType
        contentType:'application/json; charset=utf-8',
        //预期服务器返回数据的类型
        dataType: 'json',  
        xhrFields: { withCredentials: true },
        crossDomain: true,
        success:function(data){
        },
        error:function(jqXHR){ 
        }
});