在WebSecurityConfigurerAdapter的config的HttpSecurity http里面实现cors.并且创建一个CorsConfiguationSource的实例
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.addAllowedOrigin("*");//修改为添加而不是设置,* 最好改为实际的需要,我这是非生产配置,所以粗暴了一点
configuration.addAllowedMethod("*");//修改为添加而不是设置
configuration.addAllowedHeader("*");//这里很重要,起码需要允许 Access-Control-Allow-Origin
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors();
}
}
网友评论