最终我自己解决了这个问题。我在 pom.xml 文件中删除了此依赖项:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>auth0-spring-security-api</artifactId>
<version>0.3.1</version>
</dependency>
因为是github上的开源项目,这里https://github.com/auth0/auth0-spring-security-api。我将源代码添加到项目自己的包中,并将其依赖项添加到我的 pom.xml 文件中。然后我更改了 Auth0CORSFilter 中的 doFilter 方法以包含我的 x-xsrf-token:
@Override
public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain chain) throws IOException, ServletException {
final HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers", "Authorization, x-xsrf-token, Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, " +
"Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
chain.doFilter(req, res);
}
不幸的是,如果需要的话,我现在无法轻松切换版本,我的代码库也稍微混乱一些,但是,由于我是 Spring 新手,这比花费数小时尝试覆盖 Auth0CORSFilter Bean 要容易得多,如果这是有可能的。