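Solved. Once Spring Security is added to Spring Boot, CSRF protection is enabled by default and POST, PUT and DELETE requests are rejected; 2.x has deprecated security.enable, so you have to implement disabling it yourself.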
Since Spring Boot relies on Spring Security’s defaults, CSRF protection is turned on by default. This means that the actuator endpoints that require a POST (shutdown and loggers endpoints), PUT or DELETE will get a 403 forbidden error when the default security configuration is in use.
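
One way to turn CSRF off for the actuator endpoints only, while leaving it on for the rest of the application (an added example, not code from the original post). It assumes Spring Boot 2.x with Spring Security 5.x, actuator callers that are non-browser clients using HTTP Basic, and a hypothetical role name ACTUATOR_ADMIN.

```java
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
public class SecurityConfig {

    // Chain 1: matches actuator endpoints only and is evaluated first.
    @Configuration
    @Order(1)
    public static class ActuatorSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .requestMatcher(EndpointRequest.toAnyEndpoint())
                // Assumption: callers are scripts or monitoring tools, not browsers.
                // If operators use a browser here, keep CSRF on and send the token.
                .csrf().disable()
                // No session cookie is created for these requests.
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .authorizeRequests()
                    // "ACTUATOR_ADMIN" is a hypothetical role name.
                    .anyRequest().hasRole("ACTUATOR_ADMIN")
                    .and()
                .httpBasic();
        }
    }

    // Chain 2: everything else. Defining any WebSecurityConfigurerAdapter makes
    // Spring Boot's default security configuration back off, so the application
    // chain is declared explicitly. CSRF is not touched here and stays enabled.
    @Configuration
    public static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests().anyRequest().authenticated()
                    .and()
                .formLogin();
        }
    }
}
```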