lyhzzz vor 2 Jahren
Ursprung
Commit
d7f457b9ae

+ 19 - 11
src/main/java/com/fdkankan/tk/config/OriginFilter.java

@@ -34,25 +34,33 @@ public class OriginFilter implements Filter {
 	@Override
 	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 
-		HttpServletResponse response = (HttpServletResponse) servletResponse;
 		HttpServletRequest request = (HttpServletRequest) servletRequest;
-		//指定允许其他域名访问
-		response.setHeader("Access-Control-Allow-Origin", "*");
-		// 允许请求的方法
-		response.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT");
-		// 多少秒内,不需要再发送预检验请求,可以缓存该结果
+		HttpServletResponse response = (HttpServletResponse) servletResponse;
+		response.setHeader("x-frame-options", "SAMEORIGIN");
+		// 不使用*,自动适配跨域域名,避免携带Cookie时失效
+		String origin = request.getHeader("Origin");
+		log.info(origin);
+		if (StringUtils.isNotBlank(origin)) {
+			response.setHeader("Access-Control-Allow-Origin", origin);
+		}
+		// 自适应所有自定义头
+		String headers = request.getHeader("Access-Control-Request-Headers");
+		if(StringUtils.isNotBlank(headers)) {
+			response.setHeader("Access-Control-Allow-Headers", headers);
+			response.setHeader("Access-Control-Expose-Headers", headers);
+		}
+		// 允许跨域的请求方法类型
+		response.setHeader("Access-Control-Allow-Methods", "*");
+		// 预检命令(OPTIONS)缓存时间,单位:秒
 		response.setHeader("Access-Control-Max-Age", "3600");
-		// 表明它允许跨域请求包含xxx头
-		response.setHeader("Access-Control-Allow-Headers",
-				"Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires,userAgent,User-Agent,version, " +
-						" Content-Type, content-type,X-E4M-With,Authorization,token,authorization");
+		// 明确许可客户端发送Cookie,不允许删除字段即可
 		response.setHeader("Access-Control-Allow-Credentials", "true");
 		if (request.getMethod().equals("OPTIONS")) {
 			response.setStatus(200);
 			response.getWriter().write("OPTIONS returns OK");
 			return;
 		}
-		filterChain.doFilter(servletRequest, response);
+		filterChain.doFilter(request, response);
 	}
 }
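Review bot: Echoing the request's `Origin` header into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials` stays `true` lets a page on any origin send cookie-bearing requests and read the responses, which is exactly what the browser's refusal of `*` with credentials is meant to prevent. The header should be set only for origins on a configured allowlist, e.g. `if (origin != null && allowedOrigins.contains(origin)) { response.setHeader("Access-Control-Allow-Origin", origin); response.addHeader("Vary", "Origin"); }`, where `allowedOrigins` is a placeholder for a set loaded from configuration and `Vary: Origin` stops shared caches from serving one origin's response to another. `Access-Control-Allow-Methods: *` is treated as a literal method name on credentialed requests, so the previous explicit list `POST,GET,OPTIONS,DELETE,PUT` should be kept, and the same applies to the reflected `Access-Control-Request-Headers` value, which now approves whatever header names the caller asks for. `log.info(origin)` writes a client-controlled value to the log on every request (and `null` when the header is absent); it should be dropped or moved to debug level with line breaks stripped.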
 

+ 1 - 1
src/main/java/com/fdkankan/tk/config/WebAppConfig.java

@@ -17,7 +17,7 @@ public class WebAppConfig implements WebMvcConfigurer {
 
 	@Override
 	public void addCorsMappings(CorsRegistry registry) {
-		registry.addMapping("/**").allowCredentials(false).allowedHeaders("*").allowedOrigins("*").allowedMethods("*");
+		registry.addMapping("/**").allowCredentials(true).allowedHeaders("*").allowedOrigins("*").allowedMethods("*");
 
 	}
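Review bot: `allowCredentials(true)` together with `allowedOrigins("*")` is rejected by Spring's CORS configuration check from Spring Framework 5.3 onward, and on older versions, as far as I know, the request origin is echoed back so every origin gets credentialed access; the Spring version in use is not visible in this commit. The mapping should name the trusted origins explicitly, e.g. `.allowedOrigins("https://app.example.test")` (constructed sample value), or use `allowedOriginPatterns` with a narrow pattern. OriginFilter in this commit also writes the CORS headers itself, so the policy should live in one of the two places only, otherwise the filter's headers and this registry can disagree.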