在设置了 headers 请求头中的 Authorization 后出现了这个问题 请求异常 Failed to load http://host:port/auth/user/updatePassword: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. JavaScript 代码 // 修改密码 var fd = new FormData() fd.append('password', '123456789') fetch(ctx + '/auth/user/updatePassword', { method: 'post', credentials: 'include', headers: { 'Authorization': '39058cb8ec7ee5bde4e8813857a5e6591edf5da2eb997ba8416cf711d083c46ea94a3344f1d8670eaa7a8896ac71e6fdbe90c75b1c579fd52368c82f44777473' }, body: fd }) .then(res => res.json()) .then(json => console.log(json)) Java 处理跨域的代码 @Configuration public class CorsConfig { @Bean public OncePerRequestFilter corsFilter() { return new OncePerRequestFilter() { @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { //允许所有来源 String allowOrigin = "*"; //允许以下请求方法 String allowMethods = "GET,POST,PUT,DELETE,OPTIONS"; //允许以下请求头 String allowHeaders = "Content-Type,X-Token"; //允许有认证信息（cookie） String allowCredentials = "true"; String origin = request.getHeader("Origin"); //此处是为了兼容需要认证信息(cookie)的时候不能设置为 * 的问题 response.setHeader("Access-Control-Allow-Origin", origin == null ? allowOrigin : origin); response.setHeader("Access-Control-Allow-Methods", allowMethods); response.setHeader("Access-Control-Allow-Credentials", allowCredentials); response.setHeader("Access-Control-Allow-Headers", allowHeaders); filterChain.doFilter(request, response); } }; } } 请问上面的代码有什么问题么？为什么明明处理过了结果还是会出现跨域问题呢？