How to solve the cross-domain problems encountered by the back-end filter using response in the front-end and back-end separate projects?

Project overview: RESTful Api,spring boot+spring security+JWT is used in the back end and vue bucket is used in the front end.

deployment: the front end is placed in nginx, port 8088 is opened, and the back-end jar package runs at port 8080

there are seven, seven, eight and eight about cross-domain problem solving, but only this filter cross-domain problem can not be solved. The front end of the return information through response is not received in the filter of spring security, and the chrome browser will not display any return of the request. It took me a long time to find out that it may be a cross-domain problem.

the requirement is that when the token fails, the request API will pass the filter. If the filter determines that the token is invalid, it will return an agreed status code directly through the response. If it is not returned here, the server directly reports 500, and the front end is not convenient for capture and processing. In filter, the request header can be written in through Access-Control-Expose-Headers, and the front end can also capture it. What about the request body? Ask the great god for advice.

filter:
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
    String authHeader = httpServletRequest.getHeader("Authorization");
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        final String authToken = authHeader.substring("Bearer ".length());
        try {
            String newToken = JwtUtil.refreshToken(authToken);
            if (newToken != null) {
                httpServletResponse.setHeader("authentication", newToken);
            }
        } catch (JwtException e) {
            log.error(e.toString());
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("token")));
            return;
        }
        String username;
        try {
            username = JwtUtil.parseToken(authToken);
        } catch (JwtException e) {
            log.error(e.toString());
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.failure("token")));
            return;
        }
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = sysUserDetailsService.loadUserByUsername(username);
            if (userDetails != null) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
    }
    filterChain.doFilter(httpServletRequest,httpServletResponse);

/** * * @return */ @Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // config.addAllowedOrigin("http://localhost:9000"); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); // CORS FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source) ); bean.setOrder(0); return bean; }