//允许前端获取自定义的header
//设置Header:Access-Control-Expose-Headers
response.setHeader("Access-Control-Expose-Headers", "Authorization,userid");
//装载自定义key
response.addHeader("Authorization", "xxxxxx")