微调

a010b3a3 · inroi · 2d34bffa · a010b3a3
--- a/starbos-system/src/main/java/com/nzwz/config/GlobalCorsConfig.java
+++ b/starbos-system/src/main/java/com/nzwz/config/GlobalCorsConfig.java
 package com.nzwz.config;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
@@ -13,24 +14,36 @@ import org.springframework.web.filter.CorsFilter;
 /**
 * @author Inori
 */
-@Order(Ordered.HIGHEST_PRECEDENCE)
 @Configuration
 public class GlobalCorsConfig {
    @Bean
-    public CorsFilter corsFilter() {
+    public FilterRegistrationBean corsFilter() {
-        final UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
+        //1.添加CORS配置信息
-        final CorsConfiguration corsConfiguration = new CorsConfiguration();
+        CorsConfiguration config = new CorsConfiguration();
-        //是否允许请求带有验证信息
+        //1) 允许的域,不要写*，否则cookie就无法使用了
-        corsConfiguration.setAllowCredentials(true);
+        config.addAllowedOrigin("*");
-        // 允许访问的客户端域名
+        //2) 是否发送Cookie信息
-        corsConfiguration.addAllowedOrigin("*");
+        config.setAllowCredentials(true);
-        // 允许服务端访问的客户端请求头
+        //3) 允许的请求方式
-        corsConfiguration.addAllowedHeader("*");
+        config.addAllowedMethod("OPTIONS");
-        // 允许访问的方法名,GET POST等
+        config.addAllowedMethod("HEAD");
-        corsConfiguration.addAllowedMethod("*");
+        config.addAllowedMethod("GET");
-        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
+        config.addAllowedMethod("PUT");
-        return new CorsFilter(urlBasedCorsConfigurationSource);
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        config.setMaxAge(3600L);
+        // 4）允许的头信息
+        config.addAllowedHeader("*");
+        //2.添加映射路径，我们拦截一切请求
+        UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource();
+        configSource.registerCorsConfiguration("/**", config);
+        FilterRegistrationBean bean = new FilterRegistrationBean<>(new CorsFilter(configSource));
+        bean.setOrder(0);
+        return bean;
    }