Commit edd49834fef99a673281fa736658c3d320852b1b

Authored by JEECG开源社区
Committed by Gitee
2 parents 8865aa95 eb969a5c

!21 跨域请求时,客户端如果需要传递cookie,则必须设置Access-Control-Allow-Credentials为true。

Merge pull request !21 from dingxl18/I1TAAP_cors
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
... ... @@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
64 64 httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
65 65 httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
66 66 httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
  67 +
  68 + // 是否允许发送Cookie,默认Cookie不包括在CORS请求之中。设为true时,表示服务器允许Cookie包含在请求中。
  69 + httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
  70 +
67 71 // 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态
68 72 if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
69 73 httpServletResponse.setStatus(HttpStatus.OK.value());
... ...