项目大致情况：后端采用RESTful Api，spring boot+spring security+JWT，前端vue全家桶。

部署情况：前端放在nginx里，开了个8088端口，后端jar包运行在8080端口

关于跨域问题解决的七七八八了，但是唯独这个filter的跨域问题解决不了。在spring security的filter中通过response返回信息前端是接收不到的，chrome浏览器也不会显示请求的任何返回，我查了好久才反映过来可能是跨域问题。

需求就是当token失效时，请求接口会通过filter，如果filter判断出token失效，则直接通过response返回一个约定的状态码。如果在这里不返回，服务器直接报500，前端不方便捕捉处理。filter里，请求头可以通过Access-Control-Expose-Headers写进去，前端也能捕获到，请求体怎么办呢？求大神赐教。

目前这样处理是得不到请求体的，其中一个filter的代码：
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
    String authHeader = httpServletRequest.getHeader("Authorization");
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        final String authToken = authHeader.substring("Bearer ".length());
        try {
            String newToken = JwtUtil.refreshToken(authToken);
            if (newToken != null) {
                httpServletResponse.setHeader("authentication", newToken);
            }
        } catch (JwtException e) {
            log.error(e.toString());
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("无效的token，请重新登陆后操作")));
            return;
        }
        String username;
        try {
            username = JwtUtil.parseToken(authToken);
        } catch (JwtException e) {
            log.error(e.toString());
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("无效的token，请重新登陆后操作")));
            return;
        }
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = sysUserDetailsService.loadUserByUsername(username);
            if (userDetails != null) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
    }
    filterChain.doFilter(httpServletRequest,httpServletResponse);