From 1c582fbbf17b0c84c11d333aca6504f771b427be Mon Sep 17 00:00:00 2001
From: tim <nagisa12164@163.com>
Date: Fri, 22 Aug 2025 23:18:05 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20WebSocketConfig=EF=BC=9A=E5=90=8C?=
 =?UTF-8?q?=E6=97=B6=E7=BB=99=20SockJS=20=E6=B3=A8=E5=86=8C=E8=AE=BE?=
 =?UTF-8?q?=E7=BD=AE=E5=85=81=E8=AE=B8=E7=9A=84=20Origin=EF=BC=88endpoint?=
 =?UTF-8?q?=20=E7=94=A8=20patterns=EF=BC=8CSockJS=20=E7=94=A8=20exact?=
 =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/openisle/config/WebSocketConfig.java  | 40 ++++++++++++++-----
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/backend/src/main/java/com/openisle/config/WebSocketConfig.java b/backend/src/main/java/com/openisle/config/WebSocketConfig.java
index 7f5c89460..73e455bf3 100644
--- a/backend/src/main/java/com/openisle/config/WebSocketConfig.java
+++ b/backend/src/main/java/com/openisle/config/WebSocketConfig.java
@@ -41,24 +41,44 @@ public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
 
     @Override
     public void registerStompEndpoints(StompEndpointRegistry registry) {
+        // ① 原生 WebSocket 端点：用 patterns，抗 www/端口漂移
         registry.addEndpoint("/api/ws")
-                // 安全改进：使用具体的允许源，而不是通配符
-                .setAllowedOrigins(
-                        // 本地开发
+                .setAllowedOriginPatterns(
+                        // 本地
                         "http://localhost:*",
                         "http://127.0.0.1:*",
                         "http://192.168.7.98:*",
                         "http://30.211.97.238:*",
-                        websiteUrl,
-                        websiteUrl.replace("://www.", "://"),
-
-                        // 线上域名（务必是 https）
+                        // 线上
                         "https://staging.open-isle.com",
-                        "https://www.staging.open-isle.com"
-                )
-                .withSockJS();
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://")
+                );
+
+        // ② SockJS 注册：要单独再配一次，且只能 exact，不支持 patterns
+        registry.addEndpoint("/api/ws")
+                .setAllowedOrigins(
+                        // 本地（端口要写死）
+                        "http://localhost:3000",
+                        "http://localhost:3001",
+                        "http://127.0.0.1:3000",
+                        "http://127.0.0.1:3001",
+                        "http://192.168.7.98",
+                        "http://192.168.7.98:3000",
+                        "http://30.211.97.238",
+                        "http://30.211.97.238:3000",
+                        // 线上
+                        "https://staging.open-isle.com",
+                        "https://www.staging.open-isle.com",
+                        websiteUrl,
+                        websiteUrl.replace("://www.", "://")
+                )                .withSockJS()
+                .setSessionCookieNeeded(false) // 避免强依赖 JSESSIONID
+                .setWebSocketEnabled(true);
     }
 
+
     @Override
     public void configureClientInboundChannel(ChannelRegistration registration) {
         registration.interceptors(new ChannelInterceptor() {