Skip to content

G
gdtel-gztel-school-center
Commit 5baebd82 by 陈浩建
Options

CORS跨域漏洞修復

parent 5db85f65
Showing with 8 additions and 8 deletions
gateway/src/main/java/com/winsun/framework/zuul/ZuulServiceApplication.java
......@@ -20,7 +20,7 @@ public class ZuulServiceApplication {
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // 允许cookies跨域
// config.setAllowCredentials(true); // 允许cookies跨域
config.addAllowedOrigin("http://localhost:3000");
config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
config.addAllowedOrigin("*ytx.21cn.com");
......@@ -33,16 +33,16 @@ public class ZuulServiceApplication {
config.addAllowedOrigin("*enter.gd189.cn");
config.addAllowedOrigin("14.116.225.*");
config.addAllowedHeader("*");// 允许访问的头信息,*表示全部
config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许,也可以单独设置GET、PUT等
//c onfig.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");// 允许Get的请求方法
// config.addAllowedHeader("*");// 允许访问的头信息,*表示全部
// config.setMaxAge(18000L);// 预检请求的缓存时间(秒),即在这个时间段里,对于相同的跨域请求不会再预检了
// config.addAllowedMethod("*");// 允许提交请求的方法,*表示全部允许,也可以单独设置GET、PUT等
// config.addAllowedMethod("HEAD");
// config.addAllowedMethod("GET");// 允许Get的请求方法
// config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
// config.addAllowedMethod("POST");
// config.addAllowedMethod("DELETE");
// config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
// source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment