From a98ba4222cf4f061b14dafcf2dac8e551264ab59 Mon Sep 17 00:00:00 2001
From: litianxiang <litianxiangxtt@163.com>
Date: Tue, 5 May 2026 17:29:46 +0800
Subject: [PATCH] cors

---
 .../com/aida/gateway/config/CorsConfig.java   | 18 --------
 .../gateway/config/CorsWebFilterConfig.java   | 45 +++++++++++++++++++
 2 files changed, 45 insertions(+), 18 deletions(-)
 delete mode 100644 src/main/java/com/aida/gateway/config/CorsConfig.java
 create mode 100644 src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java

diff --git a/src/main/java/com/aida/gateway/config/CorsConfig.java b/src/main/java/com/aida/gateway/config/CorsConfig.java
deleted file mode 100644
index bae4918..0000000
--- a/src/main/java/com/aida/gateway/config/CorsConfig.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package com.aida.gateway.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.reactive.config.CorsRegistry;
-import org.springframework.web.reactive.config.WebFluxConfigurer;
-
-@Configuration
-public class CorsConfig implements WebFluxConfigurer {
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("*")
-                .allowCredentials(true)
-                .allowedMethods("GET", "POST", "PUT", "DELETE")
-                .maxAge(3600);
-    }
-}
diff --git a/src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java b/src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java
new file mode 100644
index 0000000..1c2847e
--- /dev/null
+++ b/src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java
@@ -0,0 +1,45 @@
+package com.aida.gateway.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsWebFilter;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+/**
+ * Gateway CORS 过滤器配置
+ * 设置最高优先级，确保 CORS 过滤器在认证过滤器之前执行
+ */
+@Configuration
+public class CorsWebFilterConfig {
+
+    @Bean
+    @Order(Ordered.HIGHEST_PRECEDENCE)
+    public CorsWebFilter corsWebFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        
+        // 允许的来源模式（动态匹配）
+        config.addAllowedOriginPattern("*");
+        
+        // 允许的请求方法
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+        
+        // 允许的请求头
+        config.addAllowedHeader("*");
+        
+        // 允许携带凭证
+        config.setAllowCredentials(true);
+        
+        // 预检请求缓存时间
+        config.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+
+        return new CorsWebFilter(source);
+    }
+}