diff --git a/cdp-iaas/gateway-server/src/main/java/com/baiye/config/GwCorsFilter.java b/cdp-iaas/gateway-server/src/main/java/com/baiye/config/GwCorsFilter.java
new file mode 100644
index 0000000..bddf5f2
--- /dev/null
+++ b/cdp-iaas/gateway-server/src/main/java/com/baiye/config/GwCorsFilter.java
@@ -0,0 +1,40 @@
+package com.baiye.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.reactive.CorsWebFilter;
+import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+import org.springframework.web.util.pattern.PathPatternParser;
+
+/**
+ * @author Enzo
+ * @date : 2022/1/19
+ */
+@Configuration
+public class GwCorsFilter {
+
+    @Bean
+    public CorsWebFilter corsFilter() {
+        CorsConfiguration config = new CorsConfiguration();
+        // 允许cookies跨域
+        config.setAllowCredentials(true);
+        // #允许向该服务器提交请求的URI，*表示全部允许，在SpringMVC中，如果设成*，会自动转成当前请求头中的Origin
+        config.addAllowedOrigin("*");
+        // #允许访问的头信息,*表示全部
+        config.addAllowedHeader("*");
+        // 预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
+        config.setMaxAge(18000L);
+        //允许的方法 可设置* 即允许全部http请求方法类型
+        config.addAllowedMethod("OPTIONS");
+        config.addAllowedMethod("HEAD");
+        config.addAllowedMethod("GET");
+        config.addAllowedMethod("PUT");
+        config.addAllowedMethod("POST");
+        config.addAllowedMethod("DELETE");
+        config.addAllowedMethod("PATCH");
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
+        source.registerCorsConfiguration("/**", config);
+        return new CorsWebFilter(source);
+    }
+}