@CrossOrigin(allowCredentials = "true", allowedHeaders = "*")
CrossOrigin注解加上这两个参数,会报以下的错误:
When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header