CORSFilter.java

package com.aggrepoint.servlet;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

public class CORSFilter extends OncePerRequestFilter {
	@Override
	protected void doFilterInternal(HttpServletRequest request,
			HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		if (request.getHeader("Origin") == null) {
			filterChain.doFilter(request, response);
			return;
		}

		response.addHeader("Access-Control-Allow-Origin",
				request.getHeader("Origin"));

		if (request.getHeader("Access-Control-Request-Method") != null
				&& "OPTIONS".equals(request.getMethod())) {
			// CORS "pre-flight" request
			response.addHeader("Access-Control-Allow-Methods",
					"GET, POST, PUT, DELETE");
			// response.addHeader("Access-Control-Allow-Headers",
			// "Authorization");
			response.addHeader("Access-Control-Allow-Headers", "Content-Type");
			response.addHeader("Access-Control-Max-Age", "1");
		}

		// CORS请求不能传递自定义的HEADER，转换为<div id="winlet-header"></div>放在返回的内容中
		CORSResponseWrapper wrapper = new CORSResponseWrapper(response);
		filterChain.doFilter(request, wrapper);
		wrapper.close();
	}
}