From 36004d471ce31685fccf210f0334366445c90c4b Mon Sep 17 00:00:00 2001
From: guo <260206558@qq.com>
Date: Wed, 8 Jan 2025 16:31:35 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=9C=A8SpringBoot=202.4=E5=8F=8A?=
 =?UTF-8?q?=E4=BB=A5=E4=B8=8A=E7=89=88=E6=9C=AC=E5=A4=84=E7=90=86=E8=B7=A8?=
 =?UTF-8?q?=E5=9F=9F=E6=97=B6=EF=BC=8C=E9=81=87=E5=88=B0=E9=94=99=E8=AF=AF?=
 =?UTF-8?q?=E6=8F=90=E7=A4=BA=EF=BC=9A=E5=BD=93allowCredentials=E4=B8=BAtr?=
 =?UTF-8?q?ue=E6=97=B6=EF=BC=8CallowedOrigins=E4=B8=8D=E8=83=BD=E5=8C=85?=
 =?UTF-8?q?=E5=90=AB=E7=89=B9=E6=AE=8A=E5=80=BC"*"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../genersoft/iot/vmp/conf/security/WebSecurityConfig.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index 2bdad1ff..7c468014 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -148,8 +148,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
             corsConfiguration.setAllowCredentials(true);
             corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
         }else {
-            corsConfiguration.setAllowCredentials(false);
-            corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+            // 在SpringBoot 2.4及以上版本处理跨域时，遇到错误提示：当allowCredentials为true时，allowedOrigins不能包含特殊值"*"。
+            // 解决方法是明确指定allowedOrigins或使用allowedOriginPatterns。
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.addAllowedOriginPattern(CorsConfiguration.ALL); // 默认全部允许所有跨域
         }
 
         corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));