优化跨域配置，默认允许全部跨域

src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java

@@ -1,12 +1,12 @@
 package com.genersoft.iot.vmp.conf.security;
 
 import com.genersoft.iot.vmp.conf.UserSetting;
-import org.springframework.core.annotation.Order;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
@@ -25,6 +25,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 
 /**
  * 配置Spring Security
@@ -129,8 +130,14 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         corsConfiguration.setAllowedHeaders(Arrays.asList("*"));
         corsConfiguration.setAllowedMethods(Arrays.asList("*"));
         corsConfiguration.setMaxAge(3600L);
-        corsConfiguration.setAllowCredentials(true);
-        corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        if (userSetting.getAllowedOrigins() != null && !userSetting.getAllowedOrigins().isEmpty()) {
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
+        }else {
+            corsConfiguration.setAllowCredentials(false);
+            corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+        }
+
         corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));
 
         UrlBasedCorsConfigurationSource url = new UrlBasedCorsConfigurationSource();