ControllerUtil in the servlet-util package handles common request problems.
Preparing the environment
- maven
<dependency>
<groupId>cn.linpengfei.sybnutil</groupId>
<artifactId>servlet-util</artifactId>
<version>0.3.30-SNAPSHOT</version>
</dependency>
Related code
- ControllerUtil.getAccessRequestHeaders(request)
// cn.sybn.util.servlet.http.ControllerUtil
response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
response.setHeader("Access-Control-Allow-Origin", ConverUtil.toString(request.getHeader("Origin")));
response.setHeader("Access-Control-Allow-Headers", ControllerUtil.getAccessRequertHeaders(request));
response.setHeader("Access-Control-Allow-Credentials", "true");
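Main logic
- If the request carries access-control-request-headers:xxx, return xxx.
- For Chrome, Access-Control-Allow-Headers:* is used to allow all request headers.
- For Firefox, when the previous conditions are not met, all header names are read from the request, the common ones are removed, and the rest are returned.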
private static final Set<String> headerNameSet = SetUtil.toSet(
    "accept", "accept-encoding", "accept-language", "connection", "cookie", "user-agent",
    "host", "referer", "content-type", "upgrade-insecure-requests", "pragma", "cache-control",
    "sec-ch-ua", "x-requested-with", "sec-ch-ua-mobile", "sec-fetch-site", "sec-fetch-mode", "sec-fetch-dest",
    "x-csrf-token", "content-length", "access-control-request-method", "access-control-request-headers", "origin");

public static String getAccessRequertHeaders(HttpServletRequest request) {
    // If access-control-request-headers is present, return it directly
    String requestAccessHeader = request.getHeader("access-control-request-headers");
    if (requestAccessHeader != null) {
        return requestAccessHeader;
    }
    // Non-Firefox: return * (a request without a user-agent header is treated as non-Firefox
    // instead of throwing a NullPointerException)
    String userAgent = request.getHeader("user-agent");
    if (userAgent == null || !userAgent.contains("Firefox/")) {
        return "*";
    }
    // Return every header name in the request that is not in headerNameSet
    Enumeration<String> headers = request.getHeaderNames();
    StringBuilder sb = new StringBuilder();
    while (headers.hasMoreElements()) {
        String header = headers.nextElement().toLowerCase();
        if (!headerNameSet.contains(header)) {
            if (sb.length() > 0) {
                sb.append(",");
            }
            sb.append(header);
        }
    }
    return sb.toString();
}
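The header logic above reflects any Origin while sending Access-Control-Allow-Credentials: true, and browsers treat * in Access-Control-Allow-Headers as a literal name on credentialed requests. The following is an added example (not part of servlet-util) of the allowlist-based alternative in plain Java. The class name, method name, and the sample origins and headers are assumptions constructed for illustration.

```java
import java.util.*;

// Added example: allowlist-based CORS response headers (hypothetical class, not servlet-util code).
public class CorsAllowlist {
    // Constructed sample values; replace with the origins and headers the application really uses.
    static final Set<String> ALLOWED_ORIGINS =
            Set.of("https://app.example.com", "https://admin.example.com");
    static final Set<String> ALLOWED_HEADERS =
            Set.of("content-type", "x-requested-with", "x-csrf-token");

    /** Computes the response headers for a request's Origin and Access-Control-Request-Headers. */
    static Map<String, String> corsHeaders(String origin, String requestedHeaders) {
        Map<String, String> out = new LinkedHashMap<>();
        // The response depends on these request headers, so caches must key on them.
        out.put("Vary", "Origin, Access-Control-Request-Headers");
        // Exact match against the allowlist; an unknown or missing Origin gets no
        // Access-Control-* headers, so the browser refuses the cross-origin read.
        if (origin == null || !ALLOWED_ORIGINS.contains(origin)) {
            return out;
        }
        out.put("Access-Control-Allow-Origin", origin);
        out.put("Access-Control-Allow-Credentials", "true");
        out.put("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
        // Grant only the requested header names that are on the allowlist,
        // instead of echoing the request value or answering "*".
        List<String> granted = new ArrayList<>();
        if (requestedHeaders != null) {
            for (String name : requestedHeaders.split(",")) {
                String n = name.trim().toLowerCase(Locale.ROOT);
                if (ALLOWED_HEADERS.contains(n) && !granted.contains(n)) {
                    granted.add(n);
                }
            }
        }
        if (!granted.isEmpty()) {
            out.put("Access-Control-Allow-Headers", String.join(",", granted));
        }
        return out;
    }

    public static void main(String[] args) {
        // Trusted origin asking for one allowed and one unlisted header.
        System.out.println(corsHeaders("https://app.example.com", "X-CSRF-Token, X-Debug"));
        // Untrusted origin: only Vary is returned.
        System.out.println(corsHeaders("https://untrusted.example", "content-type"));
        // Same-origin or non-browser request without an Origin header.
        System.out.println(corsHeaders(null, null));
    }
}
```

In a servlet, each entry of the returned map would be passed to response.setHeader; a preflight that asks for a header outside the allowlist then fails in the browser.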