diff --git a/java/src/main/java/com/hzu/bookingsystem/filter/CorsFilter.java b/java/src/main/java/com/hzu/bookingsystem/filter/CorsFilter.java
new file mode 100644
index 0000000..fa253a6
--- /dev/null
+++ b/java/src/main/java/com/hzu/bookingsystem/filter/CorsFilter.java
@@ -0,0 +1,36 @@
+package com.hzu.bookingsystem.filter;
+
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * author 吴志岳
+ */
+@Component
+public class CorsFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) {
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+        HttpServletRequest reqs = (HttpServletRequest) servletRequest;
+         response.setHeader("Access-Control-Allow-Origin",reqs.getHeader("Origin"));
+//        response.setHeader("Access-Control-Allow-Origin", "*");
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+
+    @Override
+    public void destroy() {
+    }
+}
\ No newline at end of file