fix: 把原生 WS 与 SockJS 分路径，避免混淆

2026-02-06 23:21:16 +08:00 · 2025-08-22 23:46:58 +08:00
parent 3a979277e4
commit 0a82f0036b
2 changed files with 25 additions and 10 deletions
--- a/backend/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/backend/src/main/java/com/openisle/config/SecurityConfig.java
@@ -105,7 +105,7 @@ public class SecurityConfig {
            .exceptionHandling(eh -> eh.accessDeniedHandler(customAccessDeniedHandler))
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                    .requestMatchers("/api/ws/**").permitAll()
+                    .requestMatchers("/api/ws/**", "/api/sockjs/**").permitAll()
                    .requestMatchers(HttpMethod.POST, "/api/auth/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/posts/**").permitAll()
                    .requestMatchers(HttpMethod.GET, "/api/comments/**").permitAll()
--- a/backend/src/main/java/com/openisle/config/WebSocketConfig.java
+++ b/backend/src/main/java/com/openisle/config/WebSocketConfig.java
@@ -41,23 +41,38 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
-        // ① 原生 WebSocket 端点：用 patterns，抗 www/端口漂移
+        // 1) 原生 WebSocket（不带 SockJS）
        registry.addEndpoint("/api/ws")
                .setAllowedOriginPatterns(
-                        // 本地
-                        "http://localhost:*",
-                        "http://127.0.0.1:*",
-                        "http://192.168.7.98:*",
-                        "http://30.211.97.238:*",
-                        // 线上
                        "https://staging.open-isle.com",
                        "https://www.staging.open-isle.com",
                        websiteUrl,
-                        websiteUrl.replace("://www.", "://")
-                ).withSockJS().setWebSocketEnabled(true).setSessionCookieNeeded(false);
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                );
+
+        // 2) SockJS 回退：单独路径
+        registry.addEndpoint("/api/sockjs")
+                .setAllowedOriginPatterns(
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://"),
+                        "http://localhost:*",
+                        "http://127.0.0.1:*",
+                        "http://192.168.7.98:*",
+                        "http://30.211.97.238:*"
+                )
+                .withSockJS()
+                .setWebSocketEnabled(true)
+                .setSessionCookieNeeded(false);
    }


+
    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.interceptors(new ChannelInterceptor() {