feat

pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>com.njyunzhi</groupId>
 	<artifactId>invoice</artifactId>
-	<version>0.0.6</version>
+	<version>0.0.8</version>
 	<name>invoice-fill</name>
 	<description>发票填报</description>
 	<properties>

src/main/java/com/njyunzhi/invoice/config/cros/CorsFilter.java

@@ -28,7 +28,7 @@ public class CorsFilter extends OncePerRequestFilter {
         response.setHeader("Access-Control-Allow-Origin", origin);
         response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("Access-Control-Allow-Headers", "*");
+        response.setHeader("Access-Control-Allow-Headers", String.join(", ", crosProperties.getAllowHeaders()));
         response.addHeader("Access-Control-Expose-Headers", String.join(", ", crosProperties.getExposedHeaders()));
 
         if ("OPTIONS".equals(request.getMethod())) {

src/main/java/com/njyunzhi/invoice/config/cros/CorsProperties.java

@@ -14,4 +14,5 @@ public class CorsProperties {
     List<String> origins;
     List<String> methods;
     List<String> exposedHeaders;
+    List<String> allowHeaders;
 }

src/main/resources/application-dev.yml

@@ -30,6 +30,8 @@ cors:
   exposedHeaders:
     - Authorization
     - Content-Disposition
+  allowHeaders:
+    - Authorization
   methods:
     - GET
     - POST

src/main/resources/application-prod.yml

@@ -17,6 +17,8 @@ cors:
   exposedHeaders:
     - Authorization
     - Content-Disposition
+  allowHeaders:
+    - Authorization
   methods:
     - GET
     - POST