fix(configuration): 优化安全配置

2025-07-02 16:25:06 +08:00
parent 9277d1690c
commit cdf51cc85f
2 changed files with 23 additions and 5 deletions
--- a/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java
+++ b/service-gateway/src/main/java/com/lanyuanxiaoyao/service/gateway/configuration/SecurityConfiguration.java
@@ -10,7 +10,7 @@ import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsConfigurationSource;
+import org.springframework.web.cors.reactive.CorsWebFilter;
 import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

 /**
@@ -33,22 +33,23 @@ public class SecurityConfiguration {
                .httpBasic()
                .disable()
                .cors()
-                .configurationSource(corsConfigurationSource())
                .and()
                .csrf()
                .disable()
                .build();
    }

-    private CorsConfigurationSource corsConfigurationSource() {
+    @Bean
+    public CorsWebFilter corsWebFilter() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowCredentials(true);
        configuration.addAllowedHeader("*");
        configuration.addAllowedMethod("*");
        configuration.addAllowedOriginPattern("*");
+        configuration.setMaxAge(7200L);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
-        return source;
+        return new CorsWebFilter(source);
    }

    @Bean