Commit eb969a5c8e705cf049b0afaf6f1f6437c7c9f736
1 parent
087c736a
fix #I1TAAP,跨域问题。如果客户端需要传递cookie,服务端需要设置Access-Control-Allow-Credentials为true
Showing
1 changed file
with
4 additions
and
0 deletions
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
| @@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter { | @@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter { | ||
| 64 | httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin")); | 64 | httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin")); |
| 65 | httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE"); | 65 | httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE"); |
| 66 | httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers")); | 66 | httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers")); |
| 67 | + | ||
| 68 | + // 是否允许发送Cookie,默认Cookie不包括在CORS请求之中。设为true时,表示服务器允许Cookie包含在请求中。 | ||
| 69 | + httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true"); | ||
| 70 | + | ||
| 67 | // 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态 | 71 | // 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态 |
| 68 | if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) { | 72 | if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) { |
| 69 | httpServletResponse.setStatus(HttpStatus.OK.value()); | 73 | httpServletResponse.setStatus(HttpStatus.OK.value()); |