fix: 在SpringBoot 2.4及以上版本处理跨域时,遇到错误提示:当allowCredentials为true时,allowedOrigins不能包含特殊值"*"

pull/1759/head
guo 2025-01-08 16:31:35 +08:00
parent 812760efc3
commit 36004d471c
1 changed files with 4 additions and 2 deletions

View File

@ -148,8 +148,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
corsConfiguration.setAllowCredentials(true); corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins()); corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
}else { }else {
corsConfiguration.setAllowCredentials(false); // 在SpringBoot 2.4及以上版本处理跨域时遇到错误提示当allowCredentials为true时allowedOrigins不能包含特殊值"*"。
corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); // 解决方法是明确指定allowedOrigins或使用allowedOriginPatterns。
corsConfiguration.setAllowCredentials(true);
corsConfiguration.addAllowedOriginPattern(CorsConfiguration.ALL); // 默认全部允许所有跨域
} }
corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader())); corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));