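Project overview: the back end is a RESTful API built with Spring Boot + Spring Security + JWT; the front end uses the full Vue stack.
Deployment: the front end is served by nginx on port 8088, and the back-end jar runs on port 8080.
I have solved most of the cross-origin problems, but this one in the filter I cannot solve. Information returned through the response inside a Spring Security filter never reaches the front end, and Chrome does not show any response for the request. It took me a long time to realize that it might be a cross-origin problem.
The requirement: when the token has expired, a request to an endpoint passes through the filter, and if the filter determines that the token is invalid, it directly returns an agreed status code through the response. If nothing is returned here, the server simply reports a 500, which is awkward for the front end to catch and handle. In the filter, the request headers can be written via Access-Control-Expose-Headers and the front end can capture them, but what about the request body? Any help from the experts would be appreciated.
Handled the way it is now, the request body cannot be obtained. The code of one of the filters: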
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String authHeader = httpServletRequest.getHeader("Authorization");
        if (authHeader != null && authHeader.startsWith("Bearer ")) {
            final String authToken = authHeader.substring("Bearer ".length());
            // Try to refresh the token; a new token is handed back in a response header.
            try {
                String newToken = JwtUtil.refreshToken(authToken);
                if (newToken != null) {
                    httpServletResponse.setHeader("authentication", newToken);
                }
            } catch (JwtException e) {
                log.error(e.toString());
                // Early return: the body is written here and the rest of the chain never runs.
                // Message text: "Invalid token, please log in again".
                httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("無效的token,請重新登陸后操作")));
                return;
            }
            // Parse the username out of the token.
            String username;
            try {
                username = JwtUtil.parseToken(authToken);
            } catch (JwtException e) {
                log.error(e.toString());
                httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("無效的token,請重新登陸后操作")));
                return;
            }
            // Populate the security context if the request is not yet authenticated.
            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails = sysUserDetailsService.loadUserByUsername(username);
                if (userDetails != null) {
                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
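An added example, not part of the original post: one way to write the filter's early rejection so that a page on another origin can read both the status and the body, assuming (as the post suspects) that missing CORS headers on that response are what hides it from the front end. The class name `CorsAwareRejection`, the host `frontend.example`, and the use of `javax.servlet` (Spring Boot 2.x; Boot 3 uses `jakarta.servlet`) are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper (not from the original post) for rejecting a request inside a filter. */
public final class CorsAwareRejection {

    // Assumption: the Vue front end is served by nginx on port 8088; the host is a placeholder.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("http://frontend.example:8088"));

    private CorsAwareRejection() {
    }

    /**
     * Writes a 401 response with a JSON body that an allow-listed cross-origin page can read.
     * jsonBody is an already serialized JSON string.
     */
    public static void reject(HttpServletRequest request, HttpServletResponse response,
                              String jsonBody) throws IOException {
        String origin = request.getHeader("Origin");
        // Echo the origin only when it is allow-listed; never reflect an arbitrary Origin value.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            // The response differs per origin, so caches must key on it.
            response.setHeader("Vary", "Origin");
            // Lets script read the custom header the filter uses for refreshed tokens.
            response.setHeader("Access-Control-Expose-Headers", "authentication");
        }
        // An explicit status gives the front end something to branch on.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Set the encoding before getWriter() so non-ASCII messages are not mangled.
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json");
        response.getWriter().write(jsonBody);
    }
}
```

In the filter's `catch` blocks this would take the place of the direct `getWriter().write(...)` call, with the serialized `Result.failure(...)` passed as `jsonBody`.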