zjs 1 vecka sedan
förälder
incheckning
368b73a31a
1 ändrade filer med 17 tillägg och 16 borttagningar
  1. 17 16
      ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

+ 17 - 16
ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java

@@ -24,27 +24,28 @@ public class RestCorsFilter implements Filter {
24 24
         HttpServletResponse response = (HttpServletResponse) res;
25 25
         HttpServletRequest request = (HttpServletRequest) req;
26 26
 
27
-//        岗检服务器IP:10.152.72.7,访问时就是直接IP没有域名
28
-//        1、统一登录的地址(甲方系统):http://10.152.70.21:8080/cas/login
29
-//        2、岗检系统前端页面Nginx(统一登录成功后的跳转地址):http://10.152.72.5:8181/postcheck
30
-//        3、岗检系统后端接口:http://10.152.72.7:8180
31
-        String[] allowDomain = {"http://10.152.70.21:8080"//CAS服务器
32
-                , "http://10.152.72.7:8181"//岗检前端Nginx
33
-                , "*.connc.*"
34
-                //TODO 打包屏蔽-甲方部署时注释:甲方不需要本地登录功能采用单点登录
35
-//                , "http://192.168.3.32:81"//前端开发
36
-//                , "http://101.42.248.108:17003"//前端开发
37
-//                , "http://localhost"//前端开发
27
+        // 允许的来源
28
+        String[] allowDomain = {
29
+                "http://10.152.70.21:8080", // CAS服务器
30
+                "http://10.152.72.7:8181" ,// 岗检前端Nginx
31
+               // "*.cnooc.*"
32
+                // TODO 打包屏蔽-甲方部署时注释:甲方不需要本地登录功能采用单点登录
33
+                "http://192.168.3.32:81"  // 前端开发
38 34
         };
39 35
         Set<String> allowedOrigins = new HashSet<>(Arrays.asList(allowDomain));
40
-        String originHeader = request.getHeader("Origin");//http://IP:port
36
+        String originHeader = request.getHeader("Origin");
37
+
41 38
         if (allowedOrigins.contains(originHeader)) {
42 39
             response.setHeader("Access-Control-Allow-Origin", originHeader);
40
+            response.setHeader("Access-Control-Allow-Credentials", "true");
41
+            response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT");
42
+            response.setHeader("Access-Control-Max-Age", "31536000");
43
+            response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With");
44
+        } else {
45
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
46
+            return;
43 47
         }
44
-        response.setHeader("Access-Control-Allow-Credentials", "true");
45
-        response.setHeader("Access-Control-Allow-Methods", "POST, GET,DELETE,PUT");
46
-        response.setHeader("Access-Control-Max-Age", "31536000");
47
-        response.setHeader("Access-Control-Allow-Headers", "*");
48
+
48 49
         if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
49 50
             response.setStatus(HttpServletResponse.SC_OK);
50 51
         } else {