GWT-No’Access-Control-Allow-Origin’标头出现在请求的资源上

扩展Filter并在服务器端添加类，如下所示：
注意：这只是一个让你前进的简单例子。 如果你没有正确配置它，请告诉自己安全风险……
查看本文的最后一部分

 public class CORSFilter implements Filter { // For security reasons set this regex to an appropriate value // example: ".*example\\.com" private static final String ALLOWED_DOMAINS_REGEXP = ".*"; public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) servletRequest; HttpServletResponse resp = (HttpServletResponse) servletResponse; String origin = req.getHeader("Origin"); if (origin != null && origin.matches(ALLOWED_DOMAINS_REGEXP)) { resp.addHeader("Access-Control-Allow-Origin", origin); if ("options".equalsIgnoreCase(req.getMethod())) { resp.setHeader("Allow", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"); if (origin != null) { String headers = req.getHeader("Access-Control-Request-Headers"); String method = req.getHeader("Access-Control-Request-Method"); resp.addHeader("Access-Control-Allow-Methods", method); resp.addHeader("Access-Control-Allow-Headers", headers); // optional, only needed if you want to allow cookies. resp.addHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("text/x-gwt-rpc"); } resp.getWriter().flush(); return; } } // Fix ios6 caching post requests if ("post".equalsIgnoreCase(req.getMethod())) { resp.addHeader("Cache-Control", "no-cache"); } if (filterChain != null) { filterChain.doFilter(req, resp); } } @Override public void destroy() { } @Override public void init(FilterConfig arg0) throws ServletException { } } 

不要忘记在web.xml中添加Filter （在WAR文件中，而不是tomcat web.xml）文件。

  corsFilter .CORSFilter   corsFilter /*