diff --git a/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java b/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java index f3ec50f..153659a 100644 --- a/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java +++ b/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java @@ -27,7 +27,7 @@ public class CorsConfig { config.addAllowedHeader("*"); // 允许的请求方法 - config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); + config.addAllowedMethod("*"); // 允许发送Cookie config.setAllowCredentials(true); diff --git a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java index f68754c..fe24073 100644 --- a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java +++ b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java @@ -6,6 +6,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; @Configuration @EnableWebSecurity @@ -14,20 +19,33 @@ public class SecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http - // 启用跨域配置 - .cors(cors -> cors.configurationSource(request -> new org.springframework.web.cors.CorsConfiguration().applyPermitDefaultValues())) - // 禁用默认的登录表单和HTTP基本认证 - .formLogin(form -> form.disable()) - .httpBasic(basic -> basic.disable()) - // 允许所有请求通过,取消默认登录验证 + // 启用跨域配置 + .cors(cors -> cors.configurationSource(corsConfigurationSource())) + // 禁用默认的登录表单和HTTP基本认证 + .formLogin(form -> form.disable()) + .httpBasic(basic -> basic.disable()) + // 允许所有请求通过,取消默认登录验证 // .authorizeHttpRequests((authz) -> authz // .anyRequest().permitAll() // ) - // 禁用CSRF保护 - .csrf(csrf -> csrf.disable()) - // 设置会话创建策略为无状态 - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); + // 禁用CSRF保护 + .csrf(csrf -> csrf.disable()) + // 设置会话创建策略为无状态 + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); return http.build(); } + + @Bean + public CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOriginPatterns(Arrays.asList("*")); + configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS")); + configuration.setAllowedHeaders(Arrays.asList("*")); + configuration.setAllowCredentials(true); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } } diff --git a/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java b/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java index a9f3b23..9d4f4e8 100644 --- a/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java +++ b/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java @@ -28,6 +28,7 @@ import java.util.Map; @RestController @RequestMapping("/user") @Slf4j +@CrossOrigin public class UserController { @Autowired