xuqmGroup/XuqmGroup-Server
0
0
派生 0
代码 工单 合并请求 版本发布 百科 动态

fix(private): 私有化部署 CORS 放开所有 Origin

浏览代码 
私有化部署时客户使用自定义域名,原硬编码的 *.xuqinmin.com 白名单
导致 WebSocket 握手和跨域请求被 Spring Security CORS 过滤器拒绝(426/403)。
检测 DEPLOYMENT_MODE=PRIVATE 环境变量,私有化模式下允许所有 Origin。
影响范围:im-service / file-service / license-service / update-service。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
这个提交包含在:
XuqmGroup 2026-05-21 10:44:33 +08:00
父节点 897326ff0f
当前提交 02ad5aad06
共有 4 个文件被更改,包括 44 次插入24 次删除
显示统计 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

5
file-service/src/main/java/com/xuqm/file/config/SecurityConfig.java
查看文件

@ -54,12 +54,17 @@ public class SecurityConfig {
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
String deployMode = System.getenv("DEPLOYMENT_MODE");
if ("PRIVATE".equalsIgnoreCase(deployMode)) {
config.setAllowedOriginPatterns(List.of("*"));
} else {
config.setAllowedOriginPatterns(List.of(
"http://localhost:*",
"http://127.0.0.1:*",
"http://*.xuqinmin.com",
"https://*.xuqinmin.com"
));
}
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
config.setAllowedHeaders(List.of("*"));
config.setExposedHeaders(List.of("Content-Disposition", "Location"));

5
im-service/src/main/java/com/xuqm/im/config/SecurityConfig.java
查看文件

@ -59,12 +59,17 @@ public class SecurityConfig {
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
String deployMode = System.getenv("DEPLOYMENT_MODE");
if ("PRIVATE".equalsIgnoreCase(deployMode)) {
config.setAllowedOriginPatterns(List.of("*"));
} else {
config.setAllowedOriginPatterns(List.of(
"http://localhost:*",
"http://127.0.0.1:*",
"http://*.xuqinmin.com",
"https://*.xuqinmin.com"
));
}
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
config.setAllowedHeaders(List.of("*"));
config.setExposedHeaders(List.of("Location"));

5
license-service/src/main/java/com/xuqm/license/config/SecurityConfig.java
查看文件

@ -51,12 +51,17 @@ public class SecurityConfig {
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
String deployMode = System.getenv("DEPLOYMENT_MODE");
if ("PRIVATE".equalsIgnoreCase(deployMode)) {
config.setAllowedOriginPatterns(List.of("*"));
} else {
config.setAllowedOriginPatterns(List.of(
"http://localhost:*",
"http://127.0.0.1:*",
"http://*.xuqinmin.com",
"https://*.xuqinmin.com"
));
}
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
config.setAllowedHeaders(List.of("*"));
config.setExposedHeaders(List.of("Location"));

5
update-service/src/main/java/com/xuqm/update/config/SecurityConfig.java
查看文件

@ -60,12 +60,17 @@ public class SecurityConfig {
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
String deployMode = System.getenv("DEPLOYMENT_MODE");
if ("PRIVATE".equalsIgnoreCase(deployMode)) {
config.setAllowedOriginPatterns(List.of("*"));
} else {
config.setAllowedOriginPatterns(List.of(
"http://localhost:*",
"http://127.0.0.1:*",
"http://*.xuqinmin.com",
"https://*.xuqinmin.com"
));
}
config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
config.setAllowedHeaders(List.of("*"));
config.setExposedHeaders(List.of("Location"));