Token 令牌在服务器运维中的跨域问题
一、问题成因与常见症状
二、运维视角的解决方案优先级
三、关键配置示例
server {
listen 80;
server_name www.example.com;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://backend-server.com/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
String origin = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", origin); // 明确指定源
response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "Authorization,Content-Type,token");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "Authorization"); // 如需前端读取
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
return;
}
chain.doFilter(req, res);
}
// init/destroy 省略
}
// WebSecurity 配置
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/oauth/token");
// AuthorizationServer 配置
CorsConfiguration cfg = new CorsConfiguration();
cfg.addAllowedOrigin("http://localhost:5173");
cfg.addAllowedHeader("*");
cfg.setAllowCredentials(true);
cfg.addAllowedMethod("*");
cfg.setMaxAge(3600L);
Map<String, CorsConfiguration> map = new HashMap<>();
map.put("/oauth/token", cfg);
endpoints.getFrameworkEndpointHandlerMapping().setCorsConfigurations(map);
四、前端与 Token 传递要点
axios.defaults.headers.common['Authorization'] = 'Bearer ' + token;
response.setHeader("Access-Control-Allow-Headers", "token, Content-Type");
axios.defaults.withCredentials = true;
五、排障清单与安全建议
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。