|
@@ -17,6 +17,7 @@ public class AllCorsHandler extends Handler {
|
|
|
public void handle(String target, HttpServletRequest request, HttpServletResponse response, boolean[] isHandled) {
|
|
public void handle(String target, HttpServletRequest request, HttpServletResponse response, boolean[] isHandled) {
|
|
|
// *** 关键修改:将 '*' 替换为具体的调用方域名 ***
|
|
// *** 关键修改:将 '*' 替换为具体的调用方域名 ***
|
|
|
String ALLOWED_ORIGIN = System.getenv("URL_BASE");
|
|
String ALLOWED_ORIGIN = System.getenv("URL_BASE");
|
|
|
|
|
+ String ALLOWED_ORIGIN_ADMIN = System.getenv("URL_BASE_ADMIN");
|
|
|
|
|
|
|
|
// 从请求头中获取 Origin
|
|
// 从请求头中获取 Origin
|
|
|
String origin = request.getHeader("Origin");
|
|
String origin = request.getHeader("Origin");
|
|
@@ -24,6 +25,7 @@ public class AllCorsHandler extends Handler {
|
|
|
if (StrKit.notBlank(origin)) {
|
|
if (StrKit.notBlank(origin)) {
|
|
|
// 可以在这里添加白名单校验,例如:
|
|
// 可以在这里添加白名单校验,例如:
|
|
|
if (origin.equals(ALLOWED_ORIGIN)
|
|
if (origin.equals(ALLOWED_ORIGIN)
|
|
|
|
|
+ || origin.equals(ALLOWED_ORIGIN_ADMIN)
|
|
|
|| origin.equals(ALLOWED_ORIGIN + ":9000")
|
|
|| origin.equals(ALLOWED_ORIGIN + ":9000")
|
|
|
|| origin.contains(":7777")
|
|
|| origin.contains(":7777")
|
|
|
|| origin.contains(":7778")) {
|
|
|| origin.contains(":7778")) {
|
