When allowCredentials is true, allowedOrigins cannot contain the special value "*"since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.

意思是：当allowCredentials为true时，allowingOrigins不能包含特殊值“ *”，因为无法在“ Access-Control-Allow-Origin”响应标头上设置。要允许凭据具有一组来源，请明确列出它们或考虑改用“ allowedOriginPatterns”。

解决：将allowingOrigins换成allowedOriginPatterns即可。

修改前：

public CorsFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    //允许所有域名进行跨域调用
    ("*");
    //允许跨越发送cookie
    (true);
    //放行全部原始头信息
    ("*");
    //允许所有请求方法跨域调用
    ("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    ("/**", config);
    return new CorsFilter(source);
}

修改后：

public CorsFilter corsFilter() {
    CorsConfiguration config = new CorsConfiguration();
    //允许所有域名进行跨域调用
    ("*");//替换这个
    //允许跨越发送cookie
    (true);
    //放行全部原始头信息
    ("*");
    //允许所有请求方法跨域调用
    ("*");
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    ("/**", config);
    return new CorsFilter(source);
}

原文链接：SpringBoot跨域问题：When allowCredentials is true, allowedOrigins cannot contain the special value "*"since that cannot be set on the "Access-Control-Allow-Origin" - kanie_life - 博客园 ()