From 9a3375bd03b5ad99a940f19ae988773139015b40 Mon Sep 17 00:00:00 2001
From: lanyuanxiaoyao <lanyuanxiaoyao@gmail.com>
Date: Sat, 28 Jun 2025 17:23:19 +0800
Subject: [PATCH] =?UTF-8?q?fix(ai-web):=20=E4=BF=AE=E5=A4=8D=E8=B7=A8?=
 =?UTF-8?q?=E5=9F=9F=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../service/configuration/SecurityConfig.java | 31 ++++++++++++++-----
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java b/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java
index 133db97..5742f8d 100644
--- a/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java
+++ b/service-ai/service-ai-core/src/main/java/com/lanyuanxiaoyao/service/configuration/SecurityConfig.java
@@ -1,7 +1,5 @@
 package com.lanyuanxiaoyao.service.configuration;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -13,6 +11,9 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
 
 /**
  * @author lanyuanxiaoyao
@@ -21,17 +22,31 @@ import org.springframework.security.web.SecurityFilterChain;
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+  @Bean
+  public CorsFilter corsFilter() {
+    CorsConfiguration configuration = new CorsConfiguration();
+    configuration.setAllowCredentials(true);
+    configuration.addAllowedOriginPattern("*");
+    configuration.addAllowedHeader("*");
+    configuration.addAllowedMethod("*");
+    configuration.setMaxAge(7200L);
+    configuration.setAllowPrivateNetwork(true);
+    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
+    return new CorsFilter(source);
+  }
+
   @Bean
   public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
     return http.authorizeHttpRequests(
-        registry -> registry
-            .requestMatchers(HttpMethod.OPTIONS, "/**")
-            .permitAll()
-            .anyRequest()
-            .authenticated()
+            registry -> registry
+                .requestMatchers(HttpMethod.OPTIONS, "/**")
+                .permitAll()
+                .anyRequest()
+                .authenticated()
         )
         .httpBasic(Customizer.withDefaults())
-        .cors(AbstractHttpConfigurer::disable)
+        .cors(Customizer.withDefaults())
         .csrf(AbstractHttpConfigurer::disable)
         .formLogin(AbstractHttpConfigurer::disable)
         .build();