public class CorsFilter extends OncePerRequestFilter {  static final String ORIGIN = "Origin";  protected void doFilterInternal(    HttpServletRequest request,     HttpServletResponse response,     FilterChain filterChain) throws ServletException, IOException {      String origin = request.getHeader(ORIGIN);      response.setHeader("Access-Control-Allow-Origin", "*");//* or origin as u prefer    response.setHeader("Access-Control-Allow-Credentials", "true");    response.setHeader("Access-Control-Allow-Methods", "PUT, POST, GET, OPTIONS, DELETE");    response.setHeader("Access-Control-Max-Age", "3600");    response.setHeader("Access-Control-Allow-Headers", "content-type, authorization");      if (request.getMethod().equals("OPTIONS"))      response.setStatus(HttpServletResponse.SC_OK);    else       filterChain.doFilter(request, response);    }}@Beanpublic CorsFilter corsFilter() throws Exception {  return new CorsFilter();}http  .addFilterBefore(corsFilter(), UsernamePasswordAuthenticationFilter.class)  .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)  .headers()  .cacheControl();

@Configurationpublic class CorsConfig {  @Bean  public FilterRegistrationBean corsFilter() {    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();    CorsConfiguration config = new CorsConfiguration();    config.setAllowCredentials(true);    // 設置你要允許的網站域名，如果全允許則設為 *    config.addAllowedOrigin("http://localhost:4200");    // 如果要限制 HEADER 或 METHOD 請自行更改    config.addAllowedHeader("*");    config.addAllowedMethod("*");    source.registerCorsConfiguration("/**", config);    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));    // 這個順序很重要哦，為避免麻煩請設置在最前    bean.setOrder(0);    return bean;  }}