cors
This commit is contained in:
litianxiang
@@ -1,45 +0,0 @@
|
||||
package com.aida.gateway.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.reactive.CorsWebFilter;
|
||||
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* Gateway CORS 过滤器配置
|
||||
* 设置最高优先级,确保 CORS 过滤器在认证过滤器之前执行
|
||||
*/
|
||||
@Configuration
|
||||
public class CorsWebFilterConfig {
|
||||
|
||||
@Bean
|
||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
public CorsWebFilter corsWebFilter() {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
|
||||
// 允许的来源模式(动态匹配)
|
||||
config.addAllowedOriginPattern("*");
|
||||
|
||||
// 允许的请求方法
|
||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
|
||||
|
||||
// 允许的请求头
|
||||
config.addAllowedHeader("*");
|
||||
|
||||
// 允许携带凭证
|
||||
config.setAllowCredentials(true);
|
||||
|
||||
// 预检请求缓存时间
|
||||
config.setMaxAge(3600L);
|
||||
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
|
||||
return new CorsWebFilter(source);
|
||||
}
|
||||
}
|
||||
@@ -11,6 +11,7 @@ import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.io.buffer.DataBuffer;
|
||||
import org.springframework.data.redis.core.ReactiveRedisTemplate;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -42,7 +43,12 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@Slf4j
|
||||
@Component
|
||||
@RequiredArgsConstructor
|
||||
public class GlobalAuthWebFilter implements WebFilter {
|
||||
public class GlobalAuthWebFilter implements WebFilter, Ordered {
|
||||
|
||||
@Override
|
||||
public int getOrder() {
|
||||
return Ordered.LOWEST_PRECEDENCE - 1;
|
||||
}
|
||||
|
||||
private final GatewayAuthProperties authProperties;
|
||||
@Qualifier("reactiveRedisTemplate")
|
||||
@@ -53,9 +59,13 @@ public class GlobalAuthWebFilter implements WebFilter {
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
||||
String path = exchange.getRequest().getURI().getPath();
|
||||
String origin = exchange.getRequest().getHeaders().getFirst("Origin");
|
||||
String host = exchange.getRequest().getHeaders().getFirst("Host");
|
||||
log.debug("Request received - Path: {}, Origin: {}, Host: {}, Method: {}",
|
||||
path, origin, host, exchange.getRequest().getMethod());
|
||||
|
||||
// 1. 放过 OPTIONS 预检请求,由全局 CORS 配置处理
|
||||
if ("OPTIONS".equalsIgnoreCase(exchange.getRequest().getMethod().name())) {
|
||||
log.debug("OPTIONS request detected, Origin: {}", origin);
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
|
||||
|
||||
@@ -11,6 +11,22 @@ spring:
|
||||
name: aida-gateway
|
||||
cloud:
|
||||
gateway:
|
||||
globalcors:
|
||||
cors-configurations:
|
||||
'[/**]':
|
||||
allowed-origin-patterns: "*"
|
||||
allowed-methods:
|
||||
- GET
|
||||
- POST
|
||||
- PUT
|
||||
- DELETE
|
||||
- OPTIONS
|
||||
- PATCH
|
||||
allowed-headers: "*"
|
||||
allow-credentials: true
|
||||
max-age: 3600
|
||||
default-filters:
|
||||
- DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Credentials
|
||||
# ---------- 路由配置 ----------
|
||||
routes:
|
||||
- id: aida-back
|
||||
|
||||
Reference in New Issue
Block a user