msb-public-java
/
RuoYi-Cloud
mirror of https://gitee.com/y_project/RuoYi-Cloud.git
1
0
Code Issues Projects Releases Wiki Activity

此处修改曾导致 nacos修改xss开关时,spring容器未重启,filter仍起效。故增加参数判断,参数刷新后,xss开关正常关闭。

Browse Source 
此处修改曾导致 nacos修改xss开关时,spring容器未重启,filter仍起效。故增加参数判断,参数刷新后,xss开关正常关闭。

Signed-off-by: ylwang <ylwang@makwing.com>
pull/286/head
ylwang 2 years ago committed by Gitee
parent 7a112c7317
commit bc1c1dbfa7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
Unescape View File

@ -42,6 +42,10 @@ public class XssFilter implements GlobalFilter, Ordered
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
{
ServerHttpRequest request = exchange.getRequest();
// xss开关未开启 或 通过nacos关闭不过滤
if(!xss.getEnabled()){
return chain.filter(exchange);
}
// GET DELETE 不过滤
HttpMethod method = request.getMethod();
if (method == null || method == HttpMethod.GET || method == HttpMethod.DELETE)

Write Preview
Loading…
Cancel
Save