From 93ee021b6e8a9e6b3bca12c2f35f6e3c68baef5a Mon Sep 17 00:00:00 2001
From: RuoYi
Date: Sat, 31 Jul 2021 12:18:24 +0800
Subject: [PATCH] =?UTF-8?q?XSS=E8=BF=87=E6=BB=A4=E6=8E=92=E9=99=A4?= =?UTF-8?q?=E9=9D=9Ejson=E7=B1=BB=E5=9E=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/ruoyi/gateway/filter/XssFilter.java | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
index 799625f12..021cf4366 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
@@ -11,6 +11,7 @@ import org.springframework.core.io.buffer.DataBufferUtils;
 import org.springframework.core.io.buffer.NettyDataBufferFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.stereotype.Component;
@@ -45,6 +46,11 @@ public class XssFilter implements GlobalFilter, Ordered
 {
 return chain.filter(exchange);
 }
+ // 非json类型,不过滤
+ if (!isJsonRequest(exchange))
+ {
+ return chain.filter(exchange);
+ }
 // excludeUrls 不过滤
 String url = request.getURI().getPath();
 if (StringUtils.matches(url, xss.getExcludeUrls()))
@@ -95,6 +101,17 @@ public class XssFilter implements GlobalFilter, Ordered
 return serverHttpRequestDecorator;
 }
 
+ /**
+ * 是否是Json请求
+ *
+ * @param request
+ */
+ public boolean isJsonRequest(ServerWebExchange exchange)
+ {
+ String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
+ return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
+ }
+
 @Override
 public int getOrder()
 {
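Review bot: The early return added before the excludeUrls check makes body filtering depend on a Content-Type header that the client supplies, and the new comment does not say what that leaves uncovered. Form-encoded, multipart and plain-text bodies, and requests that send no Content-Type, are now forwarded to the downstream services unfiltered; whether those services parse a body as JSON only when the header says so is not visible here and should be confirmed. I would state the consequence at the check, for example `// Only JSON bodies are filtered here; every other content type passes through and must be validated and output-encoded downstream`. The enclosing filter method starts and ends outside this hunk.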
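Review bot: `isJsonRequest` does a prefix match on the raw header value, so media types that carry JSON under a `+json` suffix (for example `application/problem+json`) are classified as non-JSON and skip the filter, should any route accept them. Matching on the media type without its parameters and also accepting `application/*+json` closes that gap while keeping the current prefix behaviour. Separately, the Javadoc documents `@param request` although the parameter is `exchange`, and it has no `@return`; the method could also be `private`, since the hunks only show it called from this class.

```java
public boolean isJsonRequest(ServerWebExchange exchange)
{
    String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
    if (header == null)
    {
        return false;
    }
    // Compare the media type only, without parameters such as charset
    int paramStart = header.indexOf(';');
    String type = (paramStart >= 0 ? header.substring(0, paramStart) : header).trim();
    boolean jsonSuffix = StringUtils.startsWithIgnoreCase(type, "application/")
            && type.regionMatches(true, type.length() - 5, "+json", 0, 5);
    return jsonSuffix || StringUtils.startsWithIgnoreCase(type, MediaType.APPLICATION_JSON_VALUE);
}
```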