From 363918b3f7b4c3b1ae112b9b80524de5f69ce3a8 Mon Sep 17 00:00:00 2001
From: ikmkj <1@qq,com>
Date: Thu, 8 Jan 2026 18:07:20 +0800
Subject: [PATCH] =?UTF-8?q?feat(security):=20=E6=B7=BB=E5=8A=A0CORS?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E5=B9=B6=E8=B0=83=E6=95=B4=E8=B7=A8=E5=9F=9F?= =?UTF-8?q?=E7=AD=96=E7=95=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在SecurityConfig中添加CORS配置,允许所有源、方法和头部
- 设置CORS凭证为false以避免与通配符冲突
- 在WebConfig中将allowCredentials设置为false
- 更新注释说明凭证配置的变更原因
---
 .../java/com/test/bijihoudaun/config/SecurityConfig.java | 8 ++++++++
 .../main/java/com/test/bijihoudaun/config/WebConfig.java | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
index 0140a0c..7e2b66c 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/SecurityConfig.java
@@ -72,6 +72,14 @@ public class SecurityConfig {
 };
 http
+ .cors(cors -> cors.configurationSource(request -> {
+ org.springframework.web.cors.CorsConfiguration config = new org.springframework.web.cors.CorsConfiguration();
+ config.addAllowedOriginPattern("*");
+ config.addAllowedMethod("*");
+ config.addAllowedHeader("*");
+ config.setAllowCredentials(false); // 与CORS配置保持一致
+ return config;
+ }))
 .csrf(csrf -> csrf.disable()) // 配置了 CSRF 禁用、无状态会话管理
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(authz -> authz
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
index d14b773..9625772 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/config/WebConfig.java
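Review bot: The configuration source added in `.cors(...)` allows every origin, method and header, and it duplicates the policy in `WebConfig.addCorsMappings`, so the two copies can drift (this one already lacks the `maxAge(3600)` set there). Turning credentials off stops the browser from attaching cookies, but this chain is stateless with CSRF disabled, so if the API authenticates with a token in a request header (not visible in this hunk), `addAllowedHeader("*")` still lets a page on any origin send that header and read the response. I would keep a single policy bound to the known front-end origins, for example `config.setAllowedOrigins(...)` with a list read from application properties, and reduce this call to `.cors(Customizer.withDefaults())`, which falls back to the Spring MVC CORS mappings when no `CorsConfigurationSource` bean is defined. The same wildcard origin pattern remains in the `WebConfig.java` hunk. The enclosing method starts and ends outside this hunk.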
@@ -11,10 +11,10 @@ public class WebConfig implements WebMvcConfigurer {
 @Override
 public void addCorsMappings(CorsRegistry registry) {
 registry.addMapping("/**")
- .allowedOriginPatterns("*") // 使用allowedOriginPatterns
+ .allowedOriginPatterns("*") // 允许所有源
 .allowedMethods("*")
 .allowedHeaders("*")
- .allowCredentials(true) // 允许凭证
+ .allowCredentials(false) // 不允许凭证,否则与通配符冲突
 .maxAge(3600); // 预检请求缓存时间
 }