IT/JAVA

Access-Control-Allow-Origin CORS 크로스도메인 방어

김보야 2017. 12. 1. 16:07

CORSFilter.class

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
package com.boya.filter;
 
import java.io.IOException;
 
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
 
public class CORSFilter implements Filter {
    
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse hsr = (HttpServletResponse) res;
        hsr.setHeader("Access-Control-Allow-Origin""*");
        hsr.setHeader("Access-Control-Allow-Methods""POST, GET, OPTIONS");
        hsr.setHeader("Access-Control-Max-Age""3600");
        hsr.setHeader("Access-Control-Allow-Headers""x-requested-with, origin, content-type, accept");
        chain.doFilter(req, res);
    }
 
    public void init(FilterConfig filterConfig) throws ServletException{/**/}
 
    public void destroy() {/**/}
}
cs



web.xml

1
2
3
4
5
6
7
8
    <filter>
        <filter-name>corsFilter</filter-name>
         <filter-class>com.boya.filter.CORSFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>corsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    <filter-mapping>
cs