修改

main.go

@@ -109,20 +109,22 @@ func init() {
 
 // CORSFilter 用于处理跨域请求
 func CORSFilter(ctx *bcontext.Context) {
-	// 设置CORS响应头
-	ctx.Output.Header("Access-Control-Allow-Origin", "*")
-	ctx.Output.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD")
-	ctx.Output.Header("Access-Control-Allow-Headers", "*")
-	ctx.Output.Header("Access-Control-Max-Age", "86400")
+	origin := ctx.Input.Header("Origin")
+	if origin != "" {
+		ctx.Output.Header("Access-Control-Allow-Origin", origin)
+	}
+
 	ctx.Output.Header("Access-Control-Allow-Credentials", "true")
-	ctx.Output.Header("Access-Control-Expose-Headers", "*")
+	ctx.Output.Header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD")
 
-	// 移除引荐来源网址政策限制
-	ctx.Output.Header("Referrer-Policy", "no-referrer")
+	// 建议把前端 fetch 用到的所有 Header 都加上
+	ctx.Output.Header("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With, Accept, Origin")
+	ctx.Output.Header("Access-Control-Max-Age", "86400")
 
-	// 处理预检请求
 	if ctx.Input.Method() == "OPTIONS" {
 		ctx.Output.SetStatus(200)
+		// 显式结束请求，防止进入后续逻辑
+		return
 	}
 }