!21 跨域请求时，客户端如果需要传递cookie，则必须设置Access-Control-Allow-Credentials为true。

Merge pull request !21 from dingxl18/I1TAAP_cors

!21 跨域请求时，客户端如果需要传递cookie，则必须设置Access-Control-Allow-Credentials为true。
Merge pull request !21 from dingxl18/I1TAAP_cors
JEECG开源社区 · Gitee
2 parents 8865aa95 eb969a5c
Showing 1 changed file with 4 additions and 0 deletions
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
@@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
 		httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
 		httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
 		httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
+
+		// 是否允许发送Cookie，默认Cookie不包括在CORS请求之中。设为true时，表示服务器允许Cookie包含在请求中。
+		httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+
 		// 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
 		if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
 			httpServletResponse.setStatus(HttpStatus.OK.value());