!21 跨域请求时，客户端如果需要传递cookie，则必须设置Access-Control-Allow-Credentials为true。

Merge pull request !21 from dingxl18/I1TAAP_cors
2020-09-07 18:19:36 +08:00 · 2020-09-07 18:19:36 +08:00 · edd49834fe
parent 8865aa956a eb969a5c8e
commit edd49834fe
1 changed files with 4 additions and 0 deletions
--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/shiro/authc/aop/JwtFilter.java
@ -64,6 +64,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
 		httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
 		httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
 		httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers"));
+
+		// 是否允许发送Cookie，默认Cookie不包括在CORS请求之中。设为true时，表示服务器允许Cookie包含在请求中。
+		httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+
 		// 跨域时会首先发送一个option请求，这里我们给option请求直接返回正常状态
 		if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
 			httpServletResponse.setStatus(HttpStatus.OK.value());