When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
不知道怎么改
把allowedHeaders 改成 allowedOriginPatterns 不行的
@CrossOrigin(origins = {" * "}, allowedHeaders="*")
@CrossOrigin(originPatterns = "*",allowCredentials = "true",allowedHeaders = "*")