spring:
 cloud:
  gateway:
   globalcors:
    cors-configurations:
     '[/**]': 
      # 允許攜帶認證信息
      # 允許跨域的源(網站域名/ip)，設置*為全部
      # 允許跨域請求里的head字段，設置*為全部
      # 允許跨域的method， 默認為GET和OPTIONS，設置*為全部
      # 跨域允許的有效期
      allow-credentials: true
      allowed-origins: 
      - "http://localhost:13009"
      - "http://localhost:13010"
      allowed-headers: "*"
      allowed-methods: 
      - OPTIONS
      - GET
      - POST
      max-age: 3600
      # 允許response的head信息
      # 默認僅允許如下6個：
      #   Cache-Control
      #   Content-Language
      #   Content-Type
      #   Expires
      #   Last-Modified
      #   Pragma
      #exposed-headers:

package com.longge.gateway.configuration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.cloud.gateway.config.GlobalCorsProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.util.pattern.PathPatternParser;

/**
 * @author roger yang
 * @date 11/21/2019
 */
@Configuration
@ConditionalOnBean(GlobalCorsProperties.class)
public class CorsAutoConfiguration {
  @Autowired
  private GlobalCorsProperties globalCorsProperties;
  
  @Bean
  public CorsWebFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
    globalCorsProperties.getCorsConfigurations().forEach((path,corsConfiguration)->source.registerCorsConfiguration(path, corsConfiguration));
    return new CorsWebFilter(source);
  }
}