From c75b952dd38d82964c4778ea0df02cfeadaeddeb Mon Sep 17 00:00:00 2001 From: xilipilige <2106678195@qq.com> Date: Wed, 27 Nov 2019 21:02:54 +0800 Subject: [PATCH 1/2] add nacos console cors --- .../nacos/console/config/CorsConfig.java | 48 +++++++++++++++++++ .../console/config/WebSecurityConfig.java | 4 ++ 2 files changed, 52 insertions(+) create mode 100644 console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java diff --git a/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java b/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java new file mode 100644 index 00000000000..1996fe8819c --- /dev/null +++ b/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java @@ -0,0 +1,48 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.alibaba.nacos.console.config; + + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import org.springframework.web.filter.CorsFilter; + +/** + * Spring cors config + * + * @author yshen + */ +@Configuration +public class CorsConfig { + + + @Bean + public CorsFilter corsFilter() { + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + CorsConfiguration config = new CorsConfiguration(); + config.setAllowCredentials(true); + config.addAllowedOrigin("*"); + config.addAllowedHeader("*"); + config.setMaxAge(18000L); + config.addAllowedMethod("*"); + source.registerCorsConfiguration("/**", config); + return new CorsFilter(source); + } + +} diff --git a/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java b/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java index 1ef0eaff2c8..b4b9647de82 100644 --- a/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java +++ b/console/src/main/java/com/alibaba/nacos/console/config/WebSecurityConfig.java @@ -34,6 +34,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsUtils; /** * Spring security config @@ -84,7 +85,10 @@ public void configure(WebSecurity web) { @Override protected void configure(HttpSecurity http) throws Exception { http + //open cors + .cors().and() .authorizeRequests() + .requestMatchers(CorsUtils::isPreFlightRequest).permitAll() .anyRequest().authenticated().and() // custom token authorize exception handler .exceptionHandling() From 20c75f38fd4fcc11179c23a7d56dfb6203d6b129 Mon Sep 17 00:00:00 2001 From: xilipilige <2106678195@qq.com> Date: Thu, 28 Nov 2019 07:26:56 +0800 Subject: [PATCH 2/2] format code --- .../main/java/com/alibaba/nacos/console/config/CorsConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java b/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java index 1996fe8819c..d42b18048d9 100644 --- a/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java +++ b/console/src/main/java/com/alibaba/nacos/console/config/CorsConfig.java @@ -41,7 +41,7 @@ public CorsFilter corsFilter() { config.addAllowedHeader("*"); config.setMaxAge(18000L); config.addAllowedMethod("*"); - source.registerCorsConfiguration("/**", config); + source.registerCorsConfiguration("/**", config); return new CorsFilter(source); }