cors

src/main/java/com/aida/gateway/config/CorsConfig.java

@@ -1,18 +0,0 @@
-package com.aida.gateway.config;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.reactive.config.CorsRegistry;
-import org.springframework.web.reactive.config.WebFluxConfigurer;
-
-@Configuration
-public class CorsConfig implements WebFluxConfigurer {
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedOriginPatterns("*")
-                .allowCredentials(true)
-                .allowedMethods("GET", "POST", "PUT", "DELETE")
-                .maxAge(3600);
-    }
-}

src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java

@@ -0,0 +1,45 @@
+package com.aida.gateway.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsWebFilter;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
+
+/**
+ * Gateway CORS 过滤器配置
+ * 设置最高优先级，确保 CORS 过滤器在认证过滤器之前执行
+ */
+@Configuration
+public class CorsWebFilterConfig {
+
+    @Bean
+    @Order(Ordered.HIGHEST_PRECEDENCE)
+    public CorsWebFilter corsWebFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        
+        // 允许的来源模式（动态匹配）
+        config.addAllowedOriginPattern("*");
+        
+        // 允许的请求方法
+        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
+        
+        // 允许的请求头
+        config.addAllowedHeader("*");
+        
+        // 允许携带凭证
+        config.setAllowCredentials(true);
+        
+        // 预检请求缓存时间
+        config.setMaxAge(3600L);
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", config);
+
+        return new CorsWebFilter(source);
+    }
+}