fix(ai-web): 修复跨域错误

2025-06-28 17:23:19 +08:00
parent 2c808a5bc9
commit 9a3375bd03
1 changed files with 23 additions and 8 deletions
--- a/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java
+++ b/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java
@@ -1,7 +1,5 @@
 package com.lanyuanxiaoyao.service.configuration;

-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -13,6 +11,9 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;

 /**
 * @author lanyuanxiaoyao
@@ -21,17 +22,31 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
 public class SecurityConfig {
+  @Bean
+  public CorsFilter corsFilter() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowCredentials(true);
+    configuration.addAllowedOriginPattern("*");
+    configuration.addAllowedHeader("*");
+    configuration.addAllowedMethod("*");
+    configuration.setMaxAge(7200L);
+    configuration.setAllowPrivateNetwork(true);
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return new CorsFilter(source);
+  }
+
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.authorizeHttpRequests(
-        registry -> registry
-            .requestMatchers(HttpMethod.OPTIONS, "/**")
-            .permitAll()
-            .anyRequest()
-            .authenticated()
+            registry -> registry
+                .requestMatchers(HttpMethod.OPTIONS, "/**")
+                .permitAll()
+                .anyRequest()
+                .authenticated()
        )
        .httpBasic(Customizer.withDefaults())
-        .cors(AbstractHttpConfigurer::disable)
+        .cors(Customizer.withDefaults())
        .csrf(AbstractHttpConfigurer::disable)
        .formLogin(AbstractHttpConfigurer::disable)
        .build();