升级springboot2.4.0后, allowedOrigin不能用通配符*
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
// 是否允许请求带有验证信息
corsConfiguration.setAllowCredentials(true);
// 允许访问的客户端域名
corsConfiguration.addAllowedOrigin("*");
// 允许服务端访问的客户端请求头
corsConfiguration.addAllowedHeader("*");
// 允许访问的方法名,GET POST等
corsConfiguration.addAllowedMethod("*");
urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(urlBasedCorsConfigurationSource);
}
异常:
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*"since that cannot be set on the “Access-Control-Allow-Origin” response header. To allow credentials to a set of origins, list them explicitly or consider using “allowedOriginPatterns” instead.