From 2b8f2307b78eaf04502ff6044ca88e7b1ff89fce Mon Sep 17 00:00:00 2001
From: puzvv <1@>
Date: Sat, 20 Dec 2025 01:36:14 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E4=BA=86=E9=99=A4GET?=
 =?UTF-8?q?=E6=96=B9=E6=B3=95=E5=A4=96=E7=9A=84=E8=B7=A8=E5=9F=9F=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98,=E9=87=8D=E5=86=99=E4=BA=86spring=20security=20?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../ai_spring_example/Config/CorsConfig.java  |  2 +-
 .../Config/SecurityConfig.java                | 38 ++++++++++++++-----
 .../Controllers/UserController.java           |  1 +
 3 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java b/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java
index f3ec50f..153659a 100644
--- a/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java
+++ b/src/main/java/icu/sunway/ai_spring_example/Config/CorsConfig.java
@@ -27,7 +27,7 @@ public class CorsConfig {
         config.addAllowedHeader("*");
         
         // 允许的请求方法
-        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        config.addAllowedMethod("*");
         
         // 允许发送Cookie
         config.setAllowCredentials(true);
diff --git a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java
index f68754c..fe24073 100644
--- a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java
+++ b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java
@@ -6,6 +6,11 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 @Configuration
 @EnableWebSecurity
@@ -14,20 +19,33 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-            // 启用跨域配置
-            .cors(cors -> cors.configurationSource(request -> new org.springframework.web.cors.CorsConfiguration().applyPermitDefaultValues()))
-            // 禁用默认的登录表单和HTTP基本认证
-            .formLogin(form -> form.disable())
-            .httpBasic(basic -> basic.disable())
-            // 允许所有请求通过，取消默认登录验证
+                // 启用跨域配置
+                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
+                // 禁用默认的登录表单和HTTP基本认证
+                .formLogin(form -> form.disable())
+                .httpBasic(basic -> basic.disable())
+                // 允许所有请求通过，取消默认登录验证
 //            .authorizeHttpRequests((authz) -> authz
 //                .anyRequest().permitAll()
 //            )
-            // 禁用CSRF保护
-            .csrf(csrf -> csrf.disable())
-            // 设置会话创建策略为无状态
-            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+                // 禁用CSRF保护
+                .csrf(csrf -> csrf.disable())
+                // 设置会话创建策略为无状态
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 
         return http.build();
     }
+
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOriginPatterns(Arrays.asList("*"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+        configuration.setAllowCredentials(true);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
diff --git a/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java b/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java
index a9f3b23..9d4f4e8 100644
--- a/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java
+++ b/src/main/java/icu/sunway/ai_spring_example/Controllers/UserController.java
@@ -28,6 +28,7 @@ import java.util.Map;
 @RestController
 @RequestMapping("/user")
 @Slf4j
+@CrossOrigin
 public class UserController {
 
     @Autowired