Spring Boot 403 Forbidden when called from a web app



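I have been struggling with this problem for two days. I have a simple Spring Boot application with Spring Security. When I test my controller with Swagger and Postman, there are no problems. However, when I call the same endpoint from my front-end application, it throws the error below.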

2022-10-07T21:43:51.991+0800 DEBUG http-nio-8080-exec-1 (FilterChainProxy.java:323) - Secured OPTIONS /category/all
2022-10-07T21:43:51.993+0800 DEBUG http-nio-8080-exec-1 (LogFormatUtils.java:119) - OPTIONS "/category/all", parameters={}
2022-10-07T21:43:51.995+0800 DEBUG http-nio-8080-exec-1 (PropertySourcedRequestMappingHandlerMapping.java:108) - looking up handler for path: /category/all
2022-10-07T21:43:51.998+0800 DEBUG http-nio-8080-exec-1 (AbstractHandlerMapping.java:522) - Mapped to com.edar.sales.be.controller.CategoryController#getAllCategories()
2022-10-07T21:43:52.002+0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:86) - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-10-07T21:43:52.015+0800 DEBUG http-nio-8080-exec-1 (HttpSessionSecurityContextRepository.java:346) - Did not store anonymous SecurityContext
2022-10-07T21:43:52.018+0800 DEBUG http-nio-8080-exec-1 (OpenEntityManagerInViewInterceptor.java:111) - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
2022-10-07T21:43:52.019+0800 DEBUG http-nio-8080-exec-1 (FrameworkServlet.java:1131) - Completed 403 FORBIDDEN

Here is my controller class

package com.edar.sales.be.controller;

import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;

import org.apache.commons.beanutils.BeanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import com.edar.sales.be.dto.CategoryDTO;
import com.edar.sales.be.entity.Category;
import com.edar.sales.be.service.CategoryService;
import com.google.gson.Gson;

@RestController(value = "category/")
public class CategoryController {

    private static final Logger LOG = LoggerFactory.getLogger(CategoryController.class);
    private static final Gson GSON = new Gson();

    @Autowired
    CategoryService categoryService;

    @GetMapping(value = "category/all")
    public List<CategoryDTO> getAllCategories() throws IllegalAccessException, InvocationTargetException {
        List<CategoryDTO> retval = new ArrayList<>();
        List<Category> categories = categoryService.getAllCategories();
        for (Category category : categories) {
            CategoryDTO categoryDTO = new CategoryDTO();
            BeanUtils.copyProperties(categoryDTO, category);
            retval.add(categoryDTO);
        }
        return retval;
    }

    @GetMapping(value = "category/{id}")
    public CategoryDTO getCategoryById(@PathVariable("id") long id) throws IllegalAccessException, InvocationTargetException {
        CategoryDTO categoryDTO = new CategoryDTO();
        BeanUtils.copyProperties(categoryDTO, categoryService.getCategoryById(id));
        return categoryDTO;
    }

    @PostMapping(value = "category/delete/{id}")
    public void deleteCategoryById(@PathVariable("id") Long id) {
        categoryService.deleteCategoryById(id);
    }

    @PostMapping(value = "category/add")
    public void addCategory(@RequestBody Category category) {
        LOG.debug("Adding category : {}", GSON.toJson(category));
        categoryService.addCategory(category);
    }

    @PatchMapping(value = "category/update")
    public void updateCategory(@RequestBody Category category) {
        LOG.debug("Updating category : {}", GSON.toJson(category));
        categoryService.addCategory(category);
    }
}

Here is my SecurityConfig

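import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("**").permitAll();
    }
}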

Since WebSecurityConfigurerAdapter is deprecated, try this approach, and use SecurityFilterChain for Spring Security.

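import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests().antMatchers("/**").permitAll()
            .and()
            .httpBasic();
    }
}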
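
The log in the question shows the browser's OPTIONS preflight to /category/all completing with 403, which is what Spring returns for a cross-origin request when no CORS configuration is registered. The following is an added example, not code from the question or the answer: a SecurityFilterChain-based configuration that registers an explicit CORS policy, where the package name, the front-end origin http://localhost:3000 and the allowed header list are assumptions to replace with your own values.

```java
package com.edar.sales.be.config; // hypothetical package, not from the page

import java.util.Arrays;
import java.util.Collections;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class SecurityConfig {

    // Assumed origin of the front-end application; use the real scheme, host and port.
    private static final String FRONTEND_ORIGIN = "http://localhost:3000";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Adds the CORS filter ahead of the security filters, so the OPTIONS
            // preflight is answered from the corsConfigurationSource bean below.
            .cors(Customizer.withDefaults())
            // CSRF disabled and all requests permitted, mirroring the question's config.
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return http.build();
    }

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration config = new CorsConfiguration();
        // List the known front-end origin explicitly instead of allowing "*".
        config.setAllowedOrigins(Collections.singletonList(FRONTEND_ORIGIN));
        // Only the HTTP methods the CategoryController actually exposes.
        config.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH"));
        // Assumed request headers the front end sends.
        config.setAllowedHeaders(Arrays.asList("Content-Type", "Authorization"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```

Swagger and Postman do not send a preflight or enforce the same-origin policy, which is why the same endpoint works from those tools without this configuration.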
