response.headers().set("Access-Control-Allow-Origin","*");

Access-Control-Allow-Origin 为允许哪些Origin发起跨域请求. 这里设置为”*”表示允许所有，通常设置为所有并不安全，最好指定一下。 
Access-Control-Allow-Methods 为允许请求的方法. 
Access-Control-Max-Age 表明在多少秒内，不需要再发送预检验请求，可以缓存该结果 
Access-Control-Allow-Headers 表明它允许跨域请求包含content-type头，这里设置的x-requested-with ，表示ajax请求

<filter>
        <filter-name>CrossOrigin</filter-name>
        <filter-class>org.digdata.swustoj.filter.CrossOriginFilter</filter-class>
         <init-param>
            <param-name>AccessControlAllowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>AccessControlAllowMethods</param-name>
            <param-value>POST, GET, DELETE, PUT</param-value>
        </init-param>
        <init-param>
            <param-name>AccessControlMaxAge</param-name>
            <param-value>3628800</param-value>
        </init-param>
        <init-param>
            <param-name>AccessControlAllowHeaders</param-name>
            <param-value>x-requested-with</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CrossOrigin</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


package org.digdata.swustoj.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * 
 * @author wwhhf
 * @since 2016年5月30日
 * @comment 跨域过滤器
 */
public class CrossOriginFilter implements Filter {

    private FilterConfig config = null;

    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
    }

    @Override
    public void destroy() {
        this.config = null;
    }

    /**
     * 
     * @author wwhhf
     * @since 2016/5/30
     * @comment 跨域的设置
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // 表明它允许"http://xxx"发起跨域请求
        httpResponse.setHeader("Access-Control-Allow-Origin",
                config.getInitParameter("AccessControlAllowOrigin"));
        // 表明在xxx秒内，不需要再发送预检验请求，可以缓存该结果
        httpResponse.setHeader("Access-Control-Allow-Methods",
                config.getInitParameter("AccessControlAllowMethods"));
        // 表明它允许xxx的外域请求
        httpResponse.setHeader("Access-Control-Max-Age",
                config.getInitParameter("AccessControlMaxAge"));
        // 表明它允许跨域请求包含xxx头
        httpResponse.setHeader("Access-Control-Allow-Headers",
                config.getInitParameter("AccessControlAllowHeaders"));
        chain.doFilter(request, response);
    }

}

 
转载于:https://www.cnblogs.com/chen-lhx/p/6170687.html

/**
 * 跨域配置
 */
@Configuration
public class CorsConfig {

    public CorsConfig() {
    }

    @Bean
    public CorsFilter corsFilter() {
        // 1. 根据情况添加cors配置源信息
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedOrigin("http://localhost:8080");
//        config.addAllowedOrigin("*");

        // 设置是否发送cookie信息
        config.setAllowCredentials(true);

        // 设置允许请求的方式
        config.addAllowedMethod("*");

        // 设置允许的header
        config.addAllowedHeader("*");

        // 2. 为url添加跨域配置
        UrlBasedCorsConfigurationSource corsSource = new UrlBasedCorsConfigurationSource();
        corsSource.registerCorsConfiguration("/**", config);

        // 3. CorsFilter交给spring
        return new CorsFilter(corsSource);
    }

}

项目中有多个Filter时，需要通过 @Order(Ordered.HIGHEST_PRECEDENCE) 注解设置过滤器的执行顺序
order的规则
1. order的值越小，优先级越高
2. order如果不标注数字，默认最低优先级，因为其默认值是int最大值
3. 该注解等同于实现Ordered接口getOrder方法，并返回数字。

如果使用如下注释掉的方法进行设置跨域，Filter的doFilter()方法中直接return出去时，前端会提示跨域

因为这个CorsConfig并没有实现Filter接口，即使加上 @Order 注解也不会生效，需要通过如下新的方式返回一个新的FilterRegistrationBean出去，并设置order
import com.nanase.takeshi.constants.JwtConstant;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * CorsConfig
 * 跨域请求配置
 *
 * @author 725
 * @date 2020/12/10 18:17
 */
@Slf4j
@Configuration
public class CorsConfig {

    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        // 1 设置访问源地址
        corsConfiguration.addAllowedOrigin("*");
        // 2 设置访问源请求头
        corsConfiguration.addAllowedHeader("*");
        // 3 设置访问源请求方法
        corsConfiguration.addAllowedMethod("*");
        // 4 暴露哪些头部信息
        corsConfiguration.addExposedHeader(JwtConstant.HEADER);
        return corsConfiguration;
    }
    /**
	@Bean
    public CorsFilter corsFilter() {
        log.info("跨域设置。。。。");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // 对接口配置跨域设置
        source.registerCorsConfiguration("/**", buildConfig());
        return new CorsFilter(source);
    }
    */
    
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        log.info("跨域设置。。。。");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // 5 对接口配置跨域设置
        source.registerCorsConfiguration("/**", buildConfig());
        //有多个filter时此处设置改CorsFilter的优先执行顺序
        FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }

}