Commit edd49834fef99a673281fa736658c3d320852b1b
Committed by
Gitee
!21 跨域请求时,客户端如果需要传递cookie,则必须设置Access-Control-Allow-Credentials为true。
Merge pull request !21 from dingxl18/I1TAAP_cors
Showing
1 changed file
with
4 additions
and
0 deletions
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
... | ... | @@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter { |
64 | 64 | httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin")); |
65 | 65 | httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE"); |
66 | 66 | httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers")); |
67 | + | |
68 | + // 是否允许发送Cookie,默认Cookie不包括在CORS请求之中。设为true时,表示服务器允许Cookie包含在请求中。 | |
69 | + httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true"); | |
70 | + | |
67 | 71 | // 跨域时会首先发送一个option请求,这里我们给option请求直接返回正常状态 |
68 | 72 | if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) { |
69 | 73 | httpServletResponse.setStatus(HttpStatus.OK.value()); |
... | ... |