最后测试

fiveep-service/src/main/java/com/bizmatics/service/config/CorsConfig.java

@@ -0,0 +1,32 @@
+package com.bizmatics.service.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ * @author yq
+ * @date 2021/7/26 16:31
+ */
+@Configuration
+public class CorsConfig {
+
+    private CorsConfiguration buildConfig() {
+        CorsConfiguration corsConfiguration = new CorsConfiguration();
+        corsConfiguration.addAllowedOrigin("");
+        corsConfiguration.addAllowedHeader("");
+        corsConfiguration.addAllowedMethod("*");
+        corsConfiguration.setAllowCredentials(true);
+        return corsConfiguration;
+    }
+
+    @Bean
+    public CorsFilter corsFilter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        // 配置所有请求
+        source.registerCorsConfiguration("/**", buildConfig());
+        return new CorsFilter(source);
+    }
+}

fiveep-service/src/main/java/com/bizmatics/service/config/MyWebConfigurer.java

@@ -1,25 +1,25 @@
-package com.bizmatics.service.config;
-
-import org.springframework.boot.SpringBootConfiguration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@SpringBootConfiguration
-public class MyWebConfigurer implements WebMvcConfigurer {
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        // 设置允许跨域的路径
-        /**
-         * 所有请求都允许跨域，使用这种配置就不需要
-         * 在interceptor中配置header了
-         */
-        registry.addMapping("/**")
-                .allowedOrigins("*")
-                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowCredentials(true)
-                .maxAge(3600)
-                .allowedHeaders("*");
-    }
-
-}
+//package com.bizmatics.service.config;
+//
+//import org.springframework.boot.SpringBootConfiguration;
+//import org.springframework.web.servlet.config.annotation.CorsRegistry;
+//import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+//
+//@SpringBootConfiguration
+//public class MyWebConfigurer implements WebMvcConfigurer {
+//
+//    @Override
+//    public void addCorsMappings(CorsRegistry registry) {
+//        // 设置允许跨域的路径
+//        /**
+//         * 所有请求都允许跨域，使用这种配置就不需要
+//         * 在interceptor中配置header了
+//         */
+//        registry.addMapping("/**")
+//                .allowedOrigins("*")
+//                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
+//                .allowCredentials(true)
+//                .maxAge(3600)
+//                .allowedHeaders("*");
+//    }
+//
+//}

fiveep-service/src/main/java/com/bizmatics/service/config/SessionFilter.java

@@ -33,24 +33,16 @@ public class SessionFilter implements Filter {
 
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
-        HttpServletResponse  httpServletResponse = (HttpServletResponse)servletResponse;
+        HttpServletResponse  response = (HttpServletResponse)servletResponse;
         HttpServletRequest request = (HttpServletRequest)servletRequest;
+        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization,token, content-type");
         if(request.getMethod().toUpperCase().equals(RestRequest.Method.OPTIONS.name())){
             return;
         }
-        String origin = request.getHeader("Origin");
-        if(origin == null) {
-            origin = request.getHeader("Referer");
-        }
-        // 允许指定域访问跨域资源(这里不能写*，*代表接受所有域名访问，如写*则下面一行代码无效。谨记)
-        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
-//        //true代表允许客户端携带cookie(此时origin值不能为“*”，只能为指定单一域名)
-//        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
-//        /// 允许浏览器在预检请求成功之后发送的实际请求方法名
-//        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
-//        // 允许浏览器发送的请求消息头
-//        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");
-
         String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");
         boolean allowedPath = ALLOWED_PATHS.contains(path);
         if (!allowedPath){