
修改网关的配置,各个微服务https response的header增加不安全因素的修复。

yangzhijie1488@163.com пре 3 година
родитељ
комит
4770a5bd2a

+ 0 - 4
src/main/java/com/leanwo/gateway/GlobalAccountFilter.java

@@ -68,10 +68,6 @@ public class GlobalAccountFilter implements GlobalFilter, Ordered{
         logger.debug("获取的域名:" + domainName);
         Long accountId = accountManagementService.getAccountIdByDomainName(domainName);
         logger.debug("获取的AccountId:" + accountId);
-    	
-
-        ServerHttpResponse response = exchange.getResponse();
-        
         
         
     	request.mutate().header("account", accountId.toString())

+ 1 - 1
src/main/java/com/leanwo/gateway/config/MyCorsConfiguration.java

@@ -5,7 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.handler.RoutePredicateHandlerMapping;
 import org.springframework.stereotype.Component;
 
-@Component
+//@Component
 public class MyCorsConfiguration implements InitializingBean {
  
     @Autowired
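Review bot: Commenting out `@Component` leaves `MyCorsConfiguration` in the tree as dead code with no record of why it was switched off, and a later reader may simply re-enable it on top of the YAML CORS rules. Either delete the class or replace the commented annotation with a comment such as `// Disabled: CORS is configured through spring.cloud.gateway.globalcors in Application.yml; do not re-register this bean.` The class body continues outside the hunk, so I cannot tell from here whether it registered its own CorsWebFilter that would conflict with the YAML configuration if both were active.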

+ 56 - 20
src/main/resources/Application.yml

@@ -7,14 +7,25 @@ server:
   #port: 443
   #ssl证书相关配置
   #ssl:
+    #trust-store-type: PKCS12
+    #trust-store: key_2019/3070974_prodog.leanwo.com.pfx
+    #trust-store-password: PKCS12
     #key-store: classpath:key_2019/3070974_prodog.leanwo.com.pfx
     #key-store-password: E70iVODH
     #key-store-type: PKCS12
+    #enabled-protocols: "TLSv1.2"
   #是否启用压缩
   compression:
     enabled: true
     mime-types: application/json,application/xml,text/html,text/xml,text/plain,application/javascript,text/css,font/woff2
-    
+
+
+
+
+
+
+
+
 spring:
   # 修改文件上传大小的限制
   servlet:
@@ -31,13 +42,15 @@ spring:
           '[/**]':
             # 允许向该服务器提交请求的URI
             allowedOrigins:
-              - *
-              - *.leanwo.com
+              - 'u.leanwo.com'
+              - 'uat.leanwo.com'
             # 允许跨域的方法
             allowedMethods:
               - GET
               - POST
               - DELETE
+              - PUT
+              - HEAD
             # 预检请求的缓存时间(秒),即在这个时间段里对于相同的跨域请求不会再预检
             maxAge: 180
       discovery:
@@ -47,35 +60,58 @@ spring:
         - id: application_server
           uri: lb://prodog-server
           predicates:
-            - Path=/api/**,/druid/**,/rest-api/**,/WebSocket/**
+            - Path=/api/**,/druid/**,/rest-api/**,/WebSocket/**,/workflow-app/**,/workflow-prodog/**,/workflow-system/**
+          filters:
+            - SetResponseHeader=Referrer-Policy, origin
+            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         - id: auth_server
           uri: lb://auth-server
           predicates:
             - Path=/authApi/**
+          filters:
+            - SetResponseHeader=Referrer-Policy, origin
+            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         - id: dingtalk_server
           uri: lb://dingtalk-server
           predicates:
             - Path=/dingTalkApi/**
           filters:
-            - StripPrefix=1
-        - id: workflow_server_app
-          uri: lb://workflow-server
-          predicates:
-            - Path=/workflow-app/**,/workflow-prodog/**,/workflow-system/**
-        - id: report_server_ureport
-          uri: lb://report-server
-          predicates:
-            - Path=/ureport/**
-        - id: mes_schedule_server
-          uri: lb://mes-schedule-server
+            - StripPrefix=1      
+            - SetResponseHeader=Referrer-Policy, origin
+            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+        - id: gateway_server
+          uri: lb:http://gateway-server
           predicates:
-            - Path=/mesSchedule/**
-        - id: middleware_data_center_server
-          uri: http://127.0.0.1:8082
-          predicates:
-            - Path=/datacenter/api/**
+            - Path=/gateway-api/**
+          filters:
+            - SetResponseHeader=Referrer-Policy, origin
+            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         # 文件服务器
         - id: file_server
           uri: lb://file-server
           predicates:
             - Path=/**
+          filters:
+            - SetResponseHeader=Referrer-Policy, origin
+            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            - SetResponseHeader=Allow,'GET, POST, PUT, DELETE, HEAD'
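Review bot: The `Content-Security-Policy` added to every route (`SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com`) restricts only plugin/`<object>` loading and still permits it from those two hosts, so it gives no protection against injected scripts; at minimum set `object-src 'none'` plus `frame-ancestors 'self'`, and agree a `default-src`/`script-src` with the front-end before tightening further. The `Access-Control-Allow-Methods` and `Allow` lines are presumably split on every comma by the gateway's `Name=arg1,arg2` shortcut syntax, so the header value would end up as `'GET`; `globalcors` already answers preflights with the configured methods, so drop these lines or use the long `name:`/`args:` form — and note that the new `allowedOrigins` entries in the second hunk lack a scheme, so a browser `Origin: https://u.leanwo.com` is unlikely to match `u.leanwo.com`. `Strict-Transport-Security` carries `preload` without `includeSubDomains`, which the preload list requires, and since `server.ssl`/`port: 443` remain commented out the header only takes effect if TLS is terminated in front of the gateway — `max-age=631138519; includeSubDomains; preload`. `Referrer-Policy: origin` still sends the origin on an HTTPS-to-HTTP downgrade (`strict-origin-when-cross-origin` is the usual default) and `X-XSS-Protection` is deprecated, with `0` the common recommendation; `1 ; mode=block` also carries a stray space. Because the same six filters are copied into all five routes, they belong once under `spring.cloud.gateway.default-filters`, as sketched below.
```yaml
spring:
  cloud:
    gateway:
      # … unchanged: globalcors, discovery …
      # Applied to every route once instead of being repeated in each routes[].filters.
      default-filters:
        - SetResponseHeader=Referrer-Policy, strict-origin-when-cross-origin
        - SetResponseHeader=Strict-Transport-Security, max-age=631138519; includeSubDomains; preload
        - SetResponseHeader=X-Frame-Options, SAMEORIGIN
        - SetResponseHeader=X-Content-Type-Options, nosniff
        # TODO agree a default-src/script-src with the front-end before adding it here
        - SetResponseHeader=Content-Security-Policy, object-src 'none'; frame-ancestors 'self'
        - SetResponseHeader=X-XSS-Protection, 0
      routes:
        # … unchanged: route definitions, with the per-route SetResponseHeader filters removed …
```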