From eb969a5c8e705cf049b0afaf6f1f6437c7c9f736 Mon Sep 17 00:00:00 2001
From: dingxl <dingxl>
Date: Sat, 5 Sep 2020 22:58:34 +0800
Subject: [PATCH] fix #I1TAAP，跨域问题。如果客户端需要传递cookie，服务端需要设置Access-Control-Allow-Credentials为true

---
 jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java | 4 ++++
 1 file changed, 4 insertions(+), 0 deletions(-)

diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
index 33210d1..7931ec6 100644
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
@@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
 		httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
 		httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
 		httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
+
+		// 是否允许发送Cookie，默认Cookie不包括在CORS请求之中。设为true时，表示服务器允许Cookie包含在请求中。
+		httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+
 		// 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
 		if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
 			httpServletResponse.setStatus(HttpStatus.OK.value());
--
libgit2 0.22.2