From 02ad5aad06f71ad7cbd43817af156c09e4116330 Mon Sep 17 00:00:00 2001
From: XuqmGroup
Date: Thu, 21 May 2026 10:44:33 +0800
Subject: [PATCH] =?UTF-8?q?fix(private):=20=E7=A7=81=E6=9C=89=E5=8C=96?= =?UTF-8?q?=E9=83=A8=E7=BD=B2=20CORS=20=E6=94=BE=E5=BC=80=E6=89=80?= =?UTF-8?q?=E6=9C=89=20Origin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

私有化部署时客户使用自定义域名,原硬编码的 *.xuqinmin.com 白名单 导致 WebSocket 握手和跨域请求被 Spring Security CORS 过滤器拒绝(426/403)。 检测 DEPLOYMENT_MODE=PRIVATE 环境变量,私有化模式下允许所有 Origin。 影响范围:im-service / file-service / license-service / update-service。

Co-Authored-By: Claude Sonnet 4.6
---
 .../com/xuqm/file/config/SecurityConfig.java | 17 +++++++++++------
 .../java/com/xuqm/im/config/SecurityConfig.java | 17 +++++++++++------
 .../com/xuqm/license/config/SecurityConfig.java | 17 +++++++++++------
 .../com/xuqm/update/config/SecurityConfig.java | 17 +++++++++++------
 4 files changed, 44 insertions(+), 24 deletions(-)

diff --git a/file-service/src/main/java/com/xuqm/file/config/SecurityConfig.java b/file-service/src/main/java/com/xuqm/file/config/SecurityConfig.java
index 462951f..83b1649 100644
--- a/file-service/src/main/java/com/xuqm/file/config/SecurityConfig.java
+++ b/file-service/src/main/java/com/xuqm/file/config/SecurityConfig.java
@@ -54,12 +54,17 @@ public class SecurityConfig {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 config.setAllowCredentials(true);
- config.setAllowedOriginPatterns(List.of(
- "http://localhost:*",
- "http://127.0.0.1:*",
- "http://*.xuqinmin.com",
- "https://*.xuqinmin.com"
- ));
+ String deployMode = System.getenv("DEPLOYMENT_MODE");
+ if ("PRIVATE".equalsIgnoreCase(deployMode)) {
+ config.setAllowedOriginPatterns(List.of("*"));
+ } else {
+ config.setAllowedOriginPatterns(List.of(
+ "http://localhost:*",
+ "http://127.0.0.1:*",
+ "http://*.xuqinmin.com",
+ "https://*.xuqinmin.com"
+ ));
+ }
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 config.setAllowedHeaders(List.of("*"));
 config.setExposedHeaders(List.of("Content-Disposition", "Location"));
diff --git a/im-service/src/main/java/com/xuqm/im/config/SecurityConfig.java b/im-service/src/main/java/com/xuqm/im/config/SecurityConfig.java
index 95b407a..eee051c 100644
--- a/im-service/src/main/java/com/xuqm/im/config/SecurityConfig.java
+++ b/im-service/src/main/java/com/xuqm/im/config/SecurityConfig.java
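Review bot: In the PRIVATE branch, `setAllowedOriginPatterns(List.of("*"))` sits directly under the unchanged `config.setAllowCredentials(true)`, and with that pairing Spring echoes whatever Origin the caller sends back in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. Any web page a user of a private deployment visits can then issue credentialed requests to this service and read the responses; how much that exposes depends on whether authentication rides on cookies or other ambient credentials, which this hunk does not show. A private install needs its own domain allowed, not every domain, so read the customer's origin patterns from configuration and refuse to start without them; the variable name `CORS_ALLOWED_ORIGINS` below is a proposal, not something this commit defines. The same branch is added verbatim in the im-service, license-service and update-service hunks, and corsConfigurationSource() continues past the end of each hunk.

```java
String deployMode = System.getenv("DEPLOYMENT_MODE");
if ("PRIVATE".equalsIgnoreCase(deployMode)) {
    // Proposed variable: comma-separated origin patterns for the customer's own domains.
    String customerOrigins = System.getenv("CORS_ALLOWED_ORIGINS");
    if (customerOrigins == null || customerOrigins.trim().isEmpty()) {
        // Fail closed: a private install without an explicit list must not fall back to "*".
        throw new IllegalStateException(
                "DEPLOYMENT_MODE=PRIVATE requires CORS_ALLOWED_ORIGINS, e.g. https://*.customer.example");
    }
    config.setAllowedOriginPatterns(List.of(customerOrigins.trim().split("\\s*,\\s*")));
} else {
    // … unchanged: built-in localhost and *.xuqinmin.com patterns …
}
```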
@@ -59,12 +59,17 @@ public class SecurityConfig {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 config.setAllowCredentials(true);
- config.setAllowedOriginPatterns(List.of(
- "http://localhost:*",
- "http://127.0.0.1:*",
- "http://*.xuqinmin.com",
- "https://*.xuqinmin.com"
- ));
+ String deployMode = System.getenv("DEPLOYMENT_MODE");
+ if ("PRIVATE".equalsIgnoreCase(deployMode)) {
+ config.setAllowedOriginPatterns(List.of("*"));
+ } else {
+ config.setAllowedOriginPatterns(List.of(
+ "http://localhost:*",
+ "http://127.0.0.1:*",
+ "http://*.xuqinmin.com",
+ "https://*.xuqinmin.com"
+ ));
+ }
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 config.setAllowedHeaders(List.of("*"));
 config.setExposedHeaders(List.of("Location"));
diff --git a/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java b/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
index 1413923..79a6a34 100644
--- a/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
+++ b/license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
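Review bot: For im-service the wildcard in the PRIVATE branch matters beyond ordinary CORS, because the commit message says this origin list is also what admits the WebSocket handshake, and browsers do not apply the same-origin policy to WebSocket connections, so the server-side Origin check is the only cross-site barrier there. With `List.of("*")` a private deployment accepts a handshake from any page; that is safe only if the handshake is authenticated by a token the page must supply explicitly and not by a cookie, which cannot be confirmed from this hunk. I would at least record that assumption above the branch, e.g. `// PRIVATE: any Origin may open a socket; safe only while the handshake requires an explicit token, never a cookie`.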
@@ -51,12 +51,17 @@ public class SecurityConfig {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 config.setAllowCredentials(true);
- config.setAllowedOriginPatterns(List.of(
- "http://localhost:*",
- "http://127.0.0.1:*",
- "http://*.xuqinmin.com",
- "https://*.xuqinmin.com"
- ));
+ String deployMode = System.getenv("DEPLOYMENT_MODE");
+ if ("PRIVATE".equalsIgnoreCase(deployMode)) {
+ config.setAllowedOriginPatterns(List.of("*"));
+ } else {
+ config.setAllowedOriginPatterns(List.of(
+ "http://localhost:*",
+ "http://127.0.0.1:*",
+ "http://*.xuqinmin.com",
+ "https://*.xuqinmin.com"
+ ));
+ }
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 config.setAllowedHeaders(List.of("*"));
 config.setExposedHeaders(List.of("Location"));
diff --git a/update-service/src/main/java/com/xuqm/update/config/SecurityConfig.java b/update-service/src/main/java/com/xuqm/update/config/SecurityConfig.java
index 60cff35..d210fa0 100644
--- a/update-service/src/main/java/com/xuqm/update/config/SecurityConfig.java
+++ b/update-service/src/main/java/com/xuqm/update/config/SecurityConfig.java
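Review bot: `System.getenv("DEPLOYMENT_MODE")` is read straight from the process environment inside the method, so the mode cannot be set from application properties or a profile, cannot be overridden in a test without changing the real environment, and leaves no trace of which branch was taken. Resolving it through Spring instead, e.g. a field or bean-method parameter `@Value("${DEPLOYMENT_MODE:}") String deployMode` (assuming this class is a Spring configuration, as its name suggests), keeps the environment variable working while making the switch testable; the same applies to the other three files. A one-line startup log stating which origin policy is active would also let operators and auditors see when the permissive branch is in effect.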
@@ -60,12 +60,17 @@ public class SecurityConfig {
 public CorsConfigurationSource corsConfigurationSource() {
 CorsConfiguration config = new CorsConfiguration();
 config.setAllowCredentials(true);
- config.setAllowedOriginPatterns(List.of(
- "http://localhost:*",
- "http://127.0.0.1:*",
- "http://*.xuqinmin.com",
- "https://*.xuqinmin.com"
- ));
+ String deployMode = System.getenv("DEPLOYMENT_MODE");
+ if ("PRIVATE".equalsIgnoreCase(deployMode)) {
+ config.setAllowedOriginPatterns(List.of("*"));
+ } else {
+ config.setAllowedOriginPatterns(List.of(
+ "http://localhost:*",
+ "http://127.0.0.1:*",
+ "http://*.xuqinmin.com",
+ "https://*.xuqinmin.com"
+ ));
+ }
 config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 config.setAllowedHeaders(List.of("*"));
 config.setExposedHeaders(List.of("Location"));
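Review bot: This is the fourth byte-for-byte copy of the same eleven added lines (file-, im-, license- and update-service), so the origin policy for the whole product is now maintained in four places and a later tightening can easily miss one service. If the services share a common module, moving the origin-pattern selection into one helper there, e.g. `config.setAllowedOriginPatterns(CorsOrigins.forDeployment(deployMode));` (the helper name is a suggestion, not existing code), would leave a single place to review and test. The enclosing method continues beyond the hunk.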