cors

src/main/java/com/aida/gateway/config/CorsWebFilterConfig.java

@@ -1,45 +0,0 @@
-package com.aida.gateway.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsWebFilter;
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
-
-import java.util.Arrays;
-
-/**
- * Gateway CORS 过滤器配置
- * 设置最高优先级，确保 CORS 过滤器在认证过滤器之前执行
- */
-@Configuration
-public class CorsWebFilterConfig {
-
-    @Bean
-    @Order(Ordered.HIGHEST_PRECEDENCE)
-    public CorsWebFilter corsWebFilter() {
-        CorsConfiguration config = new CorsConfiguration();
-        
-        // 允许的来源模式（动态匹配）
-        config.addAllowedOriginPattern("*");
-        
-        // 允许的请求方法
-        config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
-        
-        // 允许的请求头
-        config.addAllowedHeader("*");
-        
-        // 允许携带凭证
-        config.setAllowCredentials(true);
-        
-        // 预检请求缓存时间
-        config.setMaxAge(3600L);
-
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/**", config);
-
-        return new CorsWebFilter(source);
-    }
-}

src/main/java/com/aida/gateway/filter/GlobalAuthWebFilter.java

@@ -11,6 +11,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.Ordered;
 import org.springframework.core.io.buffer.DataBuffer;
 import org.springframework.data.redis.core.ReactiveRedisTemplate;
 import org.springframework.http.HttpStatus;
@@ -42,7 +43,12 @@ import org.springframework.beans.factory.annotation.Qualifier;
 @Slf4j
 @Component
 @RequiredArgsConstructor
-public class GlobalAuthWebFilter implements WebFilter {
+public class GlobalAuthWebFilter implements WebFilter, Ordered {
+
+    @Override
+    public int getOrder() {
+        return Ordered.LOWEST_PRECEDENCE - 1;
+    }
 
     private final GatewayAuthProperties authProperties;
     @Qualifier("reactiveRedisTemplate")
@@ -53,9 +59,13 @@ public class GlobalAuthWebFilter implements WebFilter {
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
         String path = exchange.getRequest().getURI().getPath();
+        String origin = exchange.getRequest().getHeaders().getFirst("Origin");
+        String host = exchange.getRequest().getHeaders().getFirst("Host");
+        log.debug("Request received - Path: {}, Origin: {}, Host: {}, Method: {}",
+                path, origin, host, exchange.getRequest().getMethod());
 
-        // 1. 放过 OPTIONS 预检请求，由全局 CORS 配置处理
         if ("OPTIONS".equalsIgnoreCase(exchange.getRequest().getMethod().name())) {
+            log.debug("OPTIONS request detected, Origin: {}", origin);
             return chain.filter(exchange);
         }
 

src/main/resources/application.yml

@@ -11,6 +11,22 @@ spring:
     name: aida-gateway
   cloud:
     gateway:
+      globalcors:
+        cors-configurations:
+          '[/**]':
+            allowed-origin-patterns: "*"
+            allowed-methods:
+              - GET
+              - POST
+              - PUT
+              - DELETE
+              - OPTIONS
+              - PATCH
+            allowed-headers: "*"
+            allow-credentials: true
+            max-age: 3600
+      default-filters:
+        - DedupeResponseHeader=Access-Control-Allow-Origin Access-Control-Allow-Credentials
       # ---------- 路由配置 ----------
       routes:
         - id: aida-back