From 9395d8d2c9e59c33e2417d053b455446e2702a1e Mon Sep 17 00:00:00 2001 From: gushen610140 Date: Sun, 21 Dec 2025 03:04:40 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E9=98=B2=E6=AD=A2=20Security=20?= =?UTF-8?q?=E5=BD=B1=E5=93=8D=20Cors=20=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Config/SecurityConfig.java | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java index db00d1d..f79ff59 100644 --- a/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java +++ b/src/main/java/icu/sunway/ai_spring_example/Config/SecurityConfig.java @@ -11,23 +11,21 @@ import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity public class SecurityConfig { - @Bean - public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http - // 启用跨域配置 - .cors(cors -> cors.configurationSource( - request -> new org.springframework.web.cors.CorsConfiguration().applyPermitDefaultValues())) - // 禁用默认的登录表单和HTTP基本认证 - .formLogin(form -> form.disable()) - .httpBasic(basic -> basic.disable()) - // 允许所有请求通过,取消默认登录验证 - .authorizeHttpRequests((authz) -> authz - .anyRequest().permitAll()) - // 禁用CSRF保护 - .csrf(csrf -> csrf.disable()) - // 设置会话创建策略为无状态 - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + http + // 禁用默认的登录表单和HTTP基本认证 + .formLogin(form -> form.disable()) + .httpBasic(basic -> basic.disable()) + // 允许所有请求通过,取消默认登录验证 + .authorizeHttpRequests((authz) -> authz + .anyRequest().permitAll()) + // 禁用CSRF保护 + .csrf(csrf -> csrf.disable()) + // 设置会话创建策略为无状态 + .sessionManagement(session -> session + .sessionCreationPolicy(SessionCreationPolicy.STATELESS)); - return http.build(); - } + return http.build(); + } }