
漏洞修复

zjs 1 month ago
parent
commit
63af0d6819

+ 4 - 0
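--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@@ -227,6 +227,10 @@
             <artifactId>cas-client-autoconfig-support</artifactId>
             <version>2.0.0-GA</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+        </dependency>
     </dependencies>
 
 </project>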
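Review bot: The added `spring-webmvc` dependency has no `<version>`, so the resolved version depends on a `dependencyManagement` section or parent BOM that is not visible on this page; confirm it resolves to a currently patched Spring Framework release. The Java change in this commit adds only `java.util` imports, so nothing visible here appears to need the artifact. If it is required for another reason, record that in an XML comment next to the `<dependency>` element; otherwise leave it out of a commit whose stated purpose is a vulnerability fix.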

+ 14 - 2
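--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/RestCorsFilter.java
@@ -8,6 +8,9 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 @Component
 @Order(Ordered.HIGHEST_PRECEDENCE)
@@ -20,9 +23,18 @@ public class RestCorsFilter implements Filter {
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
         HttpServletResponse response = (HttpServletResponse) res;
         HttpServletRequest request = (HttpServletRequest) req;
-        response.setHeader("Access-Control-Allow-Origin", "*"); // 可写成受信任的站点
+
+        String[] allowDomain={"http://10.152.72.7","http://10.152.70.21","http://10.152.72.5"};
+        Set<String> allowedOrigins=new HashSet<>(Arrays.asList(allowDomain));
+        String originHeader=request.getHeader("Origin");
+        if(allowedOrigins.contains(originHeader)){
+            response.setHeader("Access-Control-Allow-Origin",originHeader);
+        }else{
+            response.setHeader("Access-Control-Allow-Origin","https://***.***.com");
+        }
+        response.setHeader("Access-Control-Allow-Origin", "http://10.152.72.7"); // 可写成受信任的站点
         response.setHeader("Access-Control-Allow-Credentials","true");
-        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS ,DELETE,PUT");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET,DELETE,PUT");
         response.setHeader("Access-Control-Max-Age", "31536000");
         response.setHeader("Access-Control-Allow-Headers", "*");
         if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {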
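Review bot: The unconditional `response.setHeader("Access-Control-Allow-Origin", "http://10.152.72.7");` added directly after the new if/else overwrites whatever the allowlist check just set, so the other two allowlisted origins never take effect. Remove that line, and in the `else` branch send no `Access-Control-Allow-Origin` header at all rather than the placeholder value `https://***.***.com`. Because the header now depends on the request, add `response.setHeader("Vary", "Origin");` so shared caches do not serve one origin's response to another. With `Access-Control-Allow-Credentials: true`, browsers treat `Access-Control-Allow-Headers: *` as a literal header name rather than a wildcard, so the permitted request headers should be listed explicitly. The body of `doFilter` continues past the end of this hunk, so the OPTIONS handling itself is not reviewed here.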