如何从浏览器javascript访问thingsboard REST API？

我是新来thingsboard的，我有一个thingsboard服务器。我正在尝试访问thingsboard REST API，结果出现CORS错误，因为选项请求返回401

这是MyThingsboard.yml，默认情况下，CORS支持“*”

spring.mvc.cors:
  mappings:
    # Intercept path
     "/api/auth/**":
        #Comma-separated list of origins to allow. '*' allows all origins. When not set,CORS support is disabled.
        allowed-origins: "*"
        #Comma-separated list of methods to allow. '*' allows all methods.
        allowed-methods: "POST,GET,OPTIONS"
        #Comma-separated list of headers to allow in a request. '*' allows all headers.
        allowed-headers: "*"
        #How long, in seconds, the response from a pre-flight request can be cached by clients.
        max-age: "1800"
        #Set whether credentials are supported. When not set, credentials are not supported.
        allow-credentials: "true"

我检查了这个问题，但我不清楚如何禁用选项的身份验证。我在link中尝试了代码，但得到了401

var url = "http://THINGSBOARDURL:PORT/api/customer/d8f7b410-5480-11e9-bc30-bd0cca1006d3/assets?limit=10";

  var xhr = createCORSRequest('GET', url);
  if (!xhr) {
    alert('CORS not supported');
    return;
  }

  // Response handlers.
  xhr.onload = function() {
    var text = xhr.responseText;
    console.log(text);
  };

  xhr.onerror = function() {
    alert('Woops, there was an error making the request.');
  };

xhr.setRequestHeader("Accept", "application/json")
xhr.setRequestHeader("X-Authorization","Bearer JWTTOKEN")
xhr.send();

CORS策略已阻止从源“”访问“”处的XMLHttpRequest:对飞行前请求的响应未通过访问控制检查：请求的资源上不存在“访问控制允许源”标头。

---

请帮忙，这是我的错。xmlhttprequest使用的api是

/api/customer/.

等，但CORS仅为

/api/auth/**

和

/api/v1/**

启用 不知怎的，它没有引起我的注意

我将thingsboard.yml CORS节路径从

/api/v1/**

更改为

/api/**

，现在没有发生错误