서비스 API CORS 적용
- CORS 요청 종류 : Simple/Preflight, Credential/Non-Credential
- 서비스 api는 Custom Header가 존재하여 Preflight 적용 됨
- Preflight 요청은 OPTIONS 메소드로 예비요청 후 (POST, GET, HEAD, PUT ,DELETE)인 본 요청 처리 (브라우저에 의해 자동으로 요청됨)
1.tomcat 설정
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://www.apache.org</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>10</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>2. 서비스 설정
-
Spring MVC CORS
-
참고url: https://docs.spring.io/spring-framework/docs/current/reference/html/web.html#mvc-cors
1) CrossOrigin annotation 설정 (Controller 개별허용)
@CrossOrigin(origins = https://test.com) 특정 url 설정 가능
@Override
@CrossOrigin(origins = "*")
public ResponseVo svcMainGets(HeaderVo headerVo, HttpServletRequest httpServletRequest) throws Exception {
...
}2) WebConfig 설정 (전역설정)
@Configuration
@EnableWebMvc
public class WebMvcConfig implements WebMvcConfigurer , Filter{
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedMethods("*")
.allowedHeaders("*");
}3) Filter 설정
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT, PATCH");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
chain.doFilter(req, res);
}
Enjoy automating tasks, rather than repeating them! DRY(Don't Repeat Yourself)