优化：优化跨域配置

2022-12-26 23:23:33 +08:00 · 2022-12-26 23:23:33 +08:00 · 6a7ad96fa3
commit 6a7ad96fa3
parent 032eaa54a8
4 changed files with 93 additions and 6 deletions
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/config/WebMvcConfiguration.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/config/WebMvcConfiguration.java
@ -18,6 +18,8 @@ package top.charles7c.cnadmin.common.config;

 import java.util.concurrent.TimeUnit;

+import lombok.RequiredArgsConstructor;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.CacheControl;
@ -28,6 +30,8 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

+import top.charles7c.cnadmin.common.config.properties.CorsProperties;
+
 /**
 * Web MVC 配置
 *
@ -36,8 +40,11 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 */
@EnableWebMvc
@Configuration
+@RequiredArgsConstructor
 public class WebMvcConfiguration implements WebMvcConfigurer {

+    private final CorsProperties corsProperties;
+
    /**
     * 静态资源处理器配置
     */
@ -54,13 +61,17 @@ public class WebMvcConfiguration implements WebMvcConfigurer {
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
+        // 配置为 true 后则必须配置允许跨域的域名，且不允许配置为 *
        config.setAllowCredentials(true);
+        // 设置跨域允许时间
        config.setMaxAge(1800L);

-        // 允许跨域配置
-        config.addAllowedOriginPattern("*");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("*");
+        // 配置允许跨域的域名
+        corsProperties.getAllowedOrigins().forEach(config::addAllowedOrigin);
+        // 配置允许跨域的请求方式
+        corsProperties.getAllowedMethods().forEach(config::addAllowedMethod);
+        // 配置允许跨域的请求头
+        corsProperties.getAllowedHeaders().forEach(config::addAllowedHeader);

        // 添加映射路径，拦截一切请求
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
--- a/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/config/properties/CorsProperties.java
+++ b/continew-admin-common/src/main/java/top/charles7c/cnadmin/common/config/properties/CorsProperties.java
@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.charles7c.cnadmin.common.config.properties;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import lombok.Data;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * 跨域配置属性
+ *
+ * @author Charles7c
+ * @since 2022/12/26 22:56
+ */
+@Data
+@Component
+@ConfigurationProperties(prefix = "cors")
+public class CorsProperties {
+
+    /**
+     * 允许跨域的域名
+     */
+    private List<String> allowedOrigins = new ArrayList<>();
+
+    /**
+     * 允许跨域的请求方式
+     */
+    private List<String> allowedMethods = new ArrayList<>();
+
+    /**
+     * 允许跨域的请求头
+     */
+    private List<String> allowedHeaders = new ArrayList<>();
+}
--- a/continew-admin-webapi/src/main/resources/application-dev.yml
+++ b/continew-admin-webapi/src/main/resources/application-dev.yml
@ -104,4 +104,17 @@ captcha:
 --- ### 接口文档配置
 springdoc:
  swagger-ui:
-    enabled: true
+    enabled: true
+
+--- ### 跨域配置
+cors:
+  # 配置允许跨域的域名
+  allowedOrigins:
+    - http://127.0.0.1:5173
+    - http://localhost:5173
+    - http://cnadmin.charles7c.top
+    - https://cnadmin.charles7c.top
+  # 配置允许跨域的请求方式
+  allowedMethods: '*'
+  # 配置允许跨域的请求头
+  allowedHeaders: '*'
--- a/continew-admin-webapi/src/main/resources/application-prod.yml
+++ b/continew-admin-webapi/src/main/resources/application-prod.yml
@ -92,4 +92,15 @@ captcha:
 --- ### 接口文档配置
 springdoc:
  swagger-ui:
-    enabled: false
+    enabled: false
+
+--- ### 跨域配置
+cors:
+  # 配置允许跨域的域名
+  allowedOrigins:
+    - http://cnadmin.charles7c.top
+    - https://cnadmin.charles7c.top
+  # 配置允许跨域的请求方式
+  allowedMethods: '*'
+  # 配置允许跨域的请求头
+  allowedHeaders: '*'