How to solve the problem of Ajax cross-domain and cookie failure in SpringBoot

When writing the login registration page of my own project, because my registration and password change functions use email verification, the backend will add a cookie to the response data when sending the verification code

Cookie cookie = new Cookie(toEmail.split("@")[0],verCode);
cookie.setMaxAge(30*60);
response.addCookie(cookie);

and then When you click to register or change your password, the backend will obtain the cookie from the request to obtain the email and verification code information

Cookie[] cookies = request.getCookies();

When testing locally, the cookie can be correctly added to the response and can also be obtained correctly

But when I packaged the project to the cloud and then performed ajax access, a problem occurred. Cookie acquisition failed!

There is clearly set-Cookie in the response header, but Cookie cannot be found in the second request header

The server fails to obtain the cookie and reports an error. The function of using cookies to register and change passwords is invalid. After searching for the document, I found that the error originated from the cross-domain cookie loss problem of springboot and ajax. Since I am new to the backend,

I only post my solution here

1. The ajax request needs to carry xmlhttp.withCredentials = true; #3. Set the response header for the response in the api in the Controller, key

is "Access-Control-Allow-Origin" access control allowed source, http request header information, set allowed resource sharing (cross-domain ) The source

var xmlhttp = new XMLHttpRequest();
xmlhttp.withCredentials = true;
xmlhttp.open("GET", readyUrl, true);
xmlhttp.send();

value is request.getHeader("Origin"), which represents the protocol and domain name

combination of the page where the currently requested resource is located Together they mean Allow the current requested resource to access back-end resources across domains

After setting these three parts, I can get the cookie again

2022 -12-09 Update:

Found a more concise and convenient method to add a cross-domain request filter

Used the StringUtils.isEmpty method of the Druid data pool dependency package , if an error is reported, just write a replacement yourself

package com.crisp.myblog.config;
 
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 
@Configuration
public class corsConfig implements WebMvcConfigurer {
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                //是否发送Cookie
                .allowCredentials(true)
                //放行哪些原始域
                .allowedOriginPatterns("这里填你前端代码所在的域名:端口")
                .allowedMethods(new String[]{"GET", "POST", "PUT", "DELETE"})
                .allowedHeaders("*")
                .exposedHeaders("*");
    }
}

The above is the detailed content of How to solve the problem of Ajax cross-domain and cookie failure in SpringBoot. For more information, please follow other related articles on the PHP Chinese website!