Cors可信地址设置

core-service/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

core-service/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

gateway/src/main/java/com/winsun/framework/zuul/ZuulServiceApplication.java

@@ -21,8 +21,18 @@ public class ZuulServiceApplication {
         final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         final CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true); // 允许cookies跨域
-        // config.addAllowedOrigin("*");// 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
-        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");// 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+
         config.addAllowedHeader("*");// 允许访问的头信息,*表示全部
         config.setMaxAge(18000L);// 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
         config.addAllowedMethod("*");// 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等

migration/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

migration/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

new-user/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

new-user/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

old-user/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

old-user/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

order/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

order/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

renewal-user/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

renewal-user/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

service-manager/src/main/java/com/winsun/auth/core/corsfilter/CorsFilterConfig.java

+package com.winsun.auth.core.corsfilter;
+
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+/**
+ *
+ * @author
+ *
+ * http://localhost:3000;
+ * https://dx.dianyuanjiangli.com;
+ * *ytx.21cn.com
+ * *api.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *open.weixin.qq.com
+ * *mp.weixin.qq.com
+ * *ismart.mini189.cn
+ * *gzctpay.mini189.cn
+ * *enter.gd189.cn
+ * *icloud.mini189.cn
+ * 14.116.225.*
+ */
+//@Configuration
+public class CorsFilterConfig { //
+
+    //@Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // 允许向该服务器提交请求的URI，*表示全部允许。。这里尽量限制来源域，比如http://xxxx:8080 ,以降低安全风险。。
+        config.addAllowedOrigin("http://localhost:3000");
+        config.addAllowedOrigin("https://dx.dianyuanjiangli.com");
+        config.addAllowedOrigin("*ytx.21cn.com");
+        config.addAllowedOrigin("*api.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*open.weixin.qq.com");
+        config.addAllowedOrigin("*mp.weixin.qq.com");
+        config.addAllowedOrigin("*ismart.mini189.cn");
+        config.addAllowedOrigin("*gzctpay.mini189.cn");
+        config.addAllowedOrigin("*enter.gd189.cn");
+        config.addAllowedOrigin("14.116.225.*");
+        // 允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        // 允许提交请求的方法，*表示全部允许，也可以单独设置GET、PUT等
+        config.addAllowedMethod("*");
+        config.addAllowedMethod("HEAD");
+        // 允许Get的请求方法
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}

service-manager/src/main/java/com/winsun/item/core/intercept/CorsFilter.java

+package com.winsun.item.core.intercept;
+
+import com.winsun.auth.core.support.WafRequestWrapper;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @author
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        WafRequestWrapper wafRequestWrapper = new WafRequestWrapper((HttpServletRequest) request);
+
+        httpResponse.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "https://dx.dianyuanjiangli.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ytx.21cn.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*api.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*open.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*mp.weixin.qq.com");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*ismart.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*gzctpay.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*enter.gd189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "*icloud.mini189.cn");
+        httpResponse.setHeader("Access-Control-Allow-Origin", "14.116.225.*");
+
+        httpResponse.setHeader("Access-Control-Allow-Methods", wafRequestWrapper.getMethod());
+        httpResponse.setHeader("Access-Control-Max-Age", "3600");
+        httpResponse.setHeader("Access-Control-Allow-Headers", wafRequestWrapper.getHeader("Access-Control-Request-Headers"));
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}