From fc74ce9de4c38d56ee429893758776eeb5432e9b Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期三, 31 一月 2024 17:25:32 +0800
Subject: [PATCH] Merge branch '2.6.9' into wvp-28181-2.0

---
 src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
index afc8105..ad959d6 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -25,6 +25,7 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 
 /**
  * 閰嶇疆Spring Security
@@ -135,8 +136,14 @@
         corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
         corsConfiguration.setAllowedMethods(Arrays.asList("*"));
         corsConfiguration.setMaxAge(3600L);
-        corsConfiguration.setAllowCredentials(true);
-        corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        }else {
+            corsConfiguration.setAllowCredentials(false);
+            corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+        }
+
         corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
 
         UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();

--
Gitblit v1.8.0