|  | @@ -102,6 +102,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
 | 
											
												
													
														|  |          httpSecurity
 |  |          httpSecurity
 | 
											
												
													
														|  |                  // CSRF禁用,因为不使用session
 |  |                  // CSRF禁用,因为不使用session
 | 
											
												
													
														|  |                  .csrf().disable()
 |  |                  .csrf().disable()
 | 
											
												
													
														|  | 
 |  | +                // 禁用HTTP响应标头
 | 
											
												
													
														|  | 
 |  | +                .headers().cacheControl().disable().and()
 | 
											
												
													
														|  |                  // 认证失败处理类
 |  |                  // 认证失败处理类
 | 
											
												
													
														|  |                  .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
 |  |                  .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
 | 
											
												
													
														|  |                  // 基于token,所以不需要session
 |  |                  // 基于token,所以不需要session
 | 
											
										
											
												
													
														|  | @@ -109,7 +111,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
 | 
											
												
													
														|  |                  // 过滤请求
 |  |                  // 过滤请求
 | 
											
												
													
														|  |                  .authorizeRequests()
 |  |                  .authorizeRequests()
 | 
											
												
													
														|  |                  // 对于登录login 注册register 验证码captchaImage 允许匿名访问
 |  |                  // 对于登录login 注册register 验证码captchaImage 允许匿名访问
 | 
											
												
													
														|  | -                .antMatchers("/login", "/register", "/captchaImage").anonymous()
 |  | 
 | 
											
												
													
														|  | 
 |  | +                .antMatchers("/login", "/register", "/captchaImage").permitAll()
 | 
											
												
													
														|  |                  // 静态资源,可匿名访问
 |  |                  // 静态资源,可匿名访问
 | 
											
												
													
														|  |                  .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 |  |                  .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 | 
											
												
													
														|  |                  .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
 |  |                  .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
 | 
											
										
											
												
													
														|  | @@ -124,8 +126,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
 | 
											
												
													
														|  |          // 添加CORS filter
 |  |          // 添加CORS filter
 | 
											
												
													
														|  |          httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
 |  |          httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
 | 
											
												
													
														|  |          httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
 |  |          httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
 | 
											
												
													
														|  | -        // 禁用缓存
 |  | 
 | 
											
												
													
														|  | -        httpSecurity.headers().cacheControl().disable();
 |  | 
 | 
											
												
													
														|  |      }
 |  |      }
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |      /**
 |  |      /**
 |
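Review bot: The matcher list kept in the second hunk still ends with `.antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()`, which has no `HttpMethod` restriction, so the API documentation and the Druid console paths are reachable without authentication for every HTTP method. Unless the Druid console has its own login configured elsewhere (not visible on this page), I would remove `"/druid/**"` and `"/*/api-docs"` from this list, or put them behind a role or a non-production profile. Separately, the new comment `// 禁用HTTP响应标头` in the first hunk overstates what `.headers().cacheControl().disable()` does: it turns off only Spring Security's default `Cache-Control`/`Pragma`/`Expires` writer, which leaves authenticated responses without a `no-store` directive. A more accurate comment would be `// Disables only the default Cache-Control headers; endpoints returning sensitive data must set no-store themselves`. The `configure` method begins above the first hunk, so the rest of the chain is not visible here.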