1

src/main/java/com/fdkankan/fusion/config/OriginFilter.java

@@ -1,5 +1,6 @@
 package com.fdkankan.fusion.config;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.web.servlet.ServletComponentScan;
 import org.springframework.stereotype.Component;
 
@@ -32,17 +33,18 @@ public class OriginFilter implements Filter {
 		HttpServletResponse response = (HttpServletResponse) servletResponse;
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
 		//指定允许其他域名访问
-		response.setHeader("Access-Control-Allow-Origin", "*");
-		response.setContentType("*/*");
+		String origin = request.getHeader("Origin");
+		response.setHeader("Access-Control-Allow-Origin", origin);
 		// 允许请求的方法
-		response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT");
+		response.setHeader("Access-Control-Allow-Methods", "*");
 		// 多少秒内，不需要再发送预检验请求，可以缓存该结果
 		response.setHeader("Access-Control-Max-Age", "3600");
 		// 表明它允许跨域请求包含xxx头
-		response.setHeader("Access-Control-Allow-Headers",
-				"Origin,No-Cache,X-Requested-With,If-Modified-Since, Pragma,Last-Modified,Cache-Control,Expires,userAgent,User-Agent,version, " +
-				" Content-Type, content-type,X-E4M-With,Authorization,token,authorization,share,Sec-Fetch-Mode,Sec-Fetch-Site,Sec-Fetch-Dest,sec-ch-ua-platform" +
-						",sec-ch-ua-mobile,sec-ch-ua,Referer,Host,Connection,Accept-Language,Accept-Encoding,Accept,Cookie");
+		String headers = request.getHeader("Access-Control-Request-Headers");
+		if(StringUtils.isNotBlank(headers)) {
+			response.setHeader("Access-Control-Allow-Headers", headers);
+			response.setHeader("Access-Control-Expose-Headers", headers);
+		}
 		response.setHeader("Access-Control-Allow-Credentials", "true");
 		response.setHeader("XDomainRequestAllowed","1");
 		if (request.getMethod().equals("OPTIONS")) {