From 05dee42e553fbb05fee9f000d609311351f252c1 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Thu, 28 Nov 2024 10:12:38 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0=E6=98=AF=E5=90=A6?=
 =?UTF-8?q?=E4=B8=A5=E6=A0=BC=E6=A0=A1=E9=AA=8C=E8=B7=A8=E5=9F=9F=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../io/dataease/auth/interceptor/CorsConfig.java    | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java
index f3eb9d01f7..9d0b563e3a 100644
--- a/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java
+++ b/sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java
@@ -15,6 +15,9 @@ import java.util.List;
 @Configuration
 public class CorsConfig implements WebMvcConfigurer {
 
+    @Value("${dataease.cors-strict:false}")
+    private boolean corsStrict;
+
 
     @Value("#{'${dataease.origin-list:http://127.0.0.1:8100}'.split(',')}")
     private List<String> originList;
@@ -29,15 +32,19 @@ public class CorsConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         operateCorsRegistration = registry.addMapping("/**")
-                .allowCredentials(true)
-                .allowedOrigins(originList.toArray(new String[0]))
+                .allowCredentials(false)
                 .allowedHeaders("*")
                 .maxAge(3600)
                 .allowedMethods("GET", "POST", "DELETE");
+        if (corsStrict) {
+            operateCorsRegistration.allowedOrigins(originList.toArray(new String[0]));
+            return;
+        }
+        operateCorsRegistration.allowedOrigins("*");
     }
 
     public void addAllowedOrigins(List<String> origins) {
-        if (CollectionUtils.isEmpty(origins)) {
+        if (!corsStrict || CollectionUtils.isEmpty(origins)) {
             return;
         }
         origins.addAll(originList);