Merge pull request #13624 from dataease/pr@dev-v2@perf_cors_config

feat: 增加是否严格校验跨域配置

sdk/common/src/main/java/io/dataease/auth/interceptor/CorsConfig.java

@@ -15,6 +15,9 @@ import java.util.List;
 @Configuration
 public class CorsConfig implements WebMvcConfigurer {
 
+    @Value("${dataease.cors-strict:false}")
+    private boolean corsStrict;
+
 
     @Value("#{'${dataease.origin-list:http://127.0.0.1:8100}'.split(',')}")
     private List<String> originList;
@@ -29,15 +32,19 @@ public class CorsConfig implements WebMvcConfigurer {
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         operateCorsRegistration = registry.addMapping("/**")
-                .allowCredentials(true)
+                .allowCredentials(false)
-                .allowedOrigins(originList.toArray(new String[0]))
                 .allowedHeaders("*")
                 .maxAge(3600)
                 .allowedMethods("GET", "POST", "DELETE");
+        if (corsStrict) {
+            operateCorsRegistration.allowedOrigins(originList.toArray(new String[0]));
+            return;
+        }
+        operateCorsRegistration.allowedOrigins("*");
     }
 
     public void addAllowedOrigins(List<String> origins) {
-        if (CollectionUtils.isEmpty(origins)) {
+        if (!corsStrict || CollectionUtils.isEmpty(origins)) {
             return;
         }
         origins.addAll(originList);