%!s(int64=4) %!d(string=hai) anos · b8a101ff84
--- a/fiveep-service/src/main/java/com/bizmatics/service/config/MyWebConfigurer.java
+++ b/fiveep-service/src/main/java/com/bizmatics/service/config/MyWebConfigurer.java
@@ -1,25 +1,25 @@
 
				-//package com.bizmatics.service.config;
			
 
				-//
			
 
				-//import org.springframework.boot.SpringBootConfiguration;
			
 
				-//import org.springframework.web.servlet.config.annotation.CorsRegistry;
			
 
				-//import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
			
 
				-//
			
 
				-//@SpringBootConfiguration
			
 
				-//public class MyWebConfigurer implements WebMvcConfigurer {
			
 
				-//
			
 
				-//    @Override
			
 
				-//    public void addCorsMappings(CorsRegistry registry) {
			
 
				-//        // 设置允许跨域的路径
			
 
				-//        /**
			
 
				-//         * 所有请求都允许跨域，使用这种配置就不需要
			
 
				-//         * 在interceptor中配置header了
			
 
				-//         */
			
 
				-//        registry.addMapping("/**")
			
 
				-//                .allowCredentials(true)
			
 
				-//                .allowedOrigins("*")
			
 
				-//                .allowedMethods("POST", "GET", "PUT", "OPTIONS", "DELETE")
			
 
				-//                .allowedHeaders("*")
			
 
				-//                .maxAge(3600);
			
 
				-//    }
			
 
				-//
			
 
				-//}
			
 
				+package com.bizmatics.service.config;
			
 
				+
			
 
				+import org.springframework.boot.SpringBootConfiguration;
			
 
				+import org.springframework.web.servlet.config.annotation.CorsRegistry;
			
 
				+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
			
 
				+
			
 
				+@SpringBootConfiguration
			
 
				+public class MyWebConfigurer implements WebMvcConfigurer {
			
 
				+
			
 
				+    @Override
			
 
				+    public void addCorsMappings(CorsRegistry registry) {
			
 
				+        // 设置允许跨域的路径
			
 
				+        /**
			
 
				+         * 所有请求都允许跨域，使用这种配置就不需要
			
 
				+         * 在interceptor中配置header了
			
 
				+         */
			
 
				+        registry.addMapping("/**")
			
 
				+                .allowedOrigins("*")
			
 
				+                .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")
			
 
				+                .allowCredentials(true)
			
 
				+                .maxAge(3600)
			
 
				+                .allowedHeaders("*");
			
 
				+    }
			
 
				+
			
 
				+}
			
--- a/fiveep-service/src/main/java/com/bizmatics/service/config/SessionFilter.java
+++ b/fiveep-service/src/main/java/com/bizmatics/service/config/SessionFilter.java
@@ -5,7 +5,6 @@ import com.bizmatics.common.core.exception.BusinessException;
 
				 import com.bizmatics.model.User;
			
 
				 import com.bizmatics.service.util.SessionLocal;
			
 
				 import lombok.extern.slf4j.Slf4j;
			
 
				-import org.elasticsearch.rest.RestRequest;
			
 
				 import org.springframework.stereotype.Component;
			
 
				 
			
 
				 import javax.servlet.*;
			
@@ -35,21 +34,21 @@ public class SessionFilter implements Filter {
 
				     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
			
 
				         HttpServletResponse  httpServletResponse = (HttpServletResponse)servletResponse;
			
 
				         HttpServletRequest request = (HttpServletRequest)servletRequest;
			
 
				-        String origin = request.getHeader("Origin");
			
 
				-        if(origin == null) {
			
 
				-            origin = request.getHeader("Referer");
			
 
				-        }
			
 
				-        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
			
 
				-        httpServletResponse.setHeader("Access-Control-Allow-Methods",
			
 
				-                "POST, GET, OPTIONS, DELETE");
			
 
				-        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
			
 
				-//        httpServletResponse.setHeader("Access-Control-Allow-Headers",
			
 
				-//                "Content-Type, x-requested-with, X-Custom-Header, Request-Ajax");//允许自定义的请求头
			
 
				-        httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
			
 
				-        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");  //关键设置
			
 
				-        if(request.getMethod().toUpperCase().equals(RestRequest.Method.OPTIONS.name())){
			
 
				-            return;
			
 
				-        }
			
 
				+//        String origin = request.getHeader("Origin");
			
 
				+//        if(origin == null) {
			
 
				+//            origin = request.getHeader("Referer");
			
 
				+//        }
			
 
				+//        // 允许指定域访问跨域资源(这里不能写*，*代表接受所有域名访问，如写*则下面一行代码无效。谨记)
			
 
				+//        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
			
 
				+//        //true代表允许客户端携带cookie(此时origin值不能为“*”，只能为指定单一域名)
			
 
				+//        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
			
 
				+//        /// 允许浏览器在预检请求成功之后发送的实际请求方法名
			
 
				+//        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH");
			
 
				+//        // 允许浏览器发送的请求消息头
			
 
				+//        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");
			
 
				+//        if(request.getMethod().toUpperCase().equals(RestRequest.Method.OPTIONS.name())){
			
 
				+//            return;
			
 
				+//        }
			
 
				 
			
 
				         String path = request.getRequestURI().substring(request.getContextPath().length()).replaceAll("[/]+$", "");
			
 
				         boolean allowedPath = ALLOWED_PATHS.contains(path);