Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
smart_gov_platform
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
赵啸非
smart_gov_platform
Commits
e19a2332
Commit
e19a2332
authored
Oct 09, 2024
by
赵啸非
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
提交配置校验
parent
669509f1
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
28 additions
and
3 deletions
+28
-3
base-manager/src/main/java/com/mortals/xhx/base/framework/filter/SameSiteCookieFilter.java
...rtals/xhx/base/framework/filter/SameSiteCookieFilter.java
+26
-2
base-manager/src/main/resources/bootstrap.yml
base-manager/src/main/resources/bootstrap.yml
+2
-1
No files found.
base-manager/src/main/java/com/mortals/xhx/base/framework/filter/SameSiteCookieFilter.java
View file @
e19a2332
package
com.mortals.xhx.base.framework.filter
;
import
cn.hutool.core.util.StrUtil
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.context.annotation.ComponentScan
;
import
org.springframework.http.ResponseCookie
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
import
org.springframework.context.annotation.Profile
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
javax.servlet.*
;
import
javax.servlet.http.*
;
import
java.io.IOException
;
import
java.util.List
;
@Slf4j
@Component
@Profile
({
"yanyuan"
,
"test"
})
public
class
SameSiteCookieFilter
implements
Filter
{
/**
* cookie的密钥
*/
@Value
(
"${trustedReferer:''}"
)
private
String
trustedReferer
;
@Override
public
void
doFilter
(
ServletRequest
request
,
ServletResponse
response
,
FilterChain
chain
)
throws
IOException
,
ServletException
{
HttpServletResponse
httpResponse
=
(
HttpServletResponse
)
response
;
HttpServletRequest
httpRequest
=
(
HttpServletRequest
)
request
;
Cookie
[]
cookies
=
((
HttpServletRequest
)
request
).
getCookies
();
if
(
cookies
!=
null
)
{
for
(
Cookie
cookie
:
cookies
)
{
...
...
@@ -26,7 +39,18 @@ public class SameSiteCookieFilter implements Filter {
httpResponse
.
addCookie
(
cookie
);
}
}
//cors
String
referer
=
httpRequest
.
getHeader
(
"Referer"
);
if
(
ObjectUtils
.
isEmpty
(
referer
))
chain
.
doFilter
(
request
,
response
);
List
<
String
>
trustReferers
=
StrUtil
.
split
(
trustedReferer
,
","
);
if
(
ObjectUtils
.
isEmpty
(
trustReferers
))
chain
.
doFilter
(
request
,
response
);
if
(
trustReferers
.
contains
(
referer
))
{
chain
.
doFilter
(
request
,
response
);
}
else
{
httpResponse
.
sendError
(
HttpServletResponse
.
SC_FORBIDDEN
,
"CSRF protection"
);
}
chain
.
doFilter
(
request
,
response
);
}
...
...
base-manager/src/main/resources/bootstrap.yml
View file @
e19a2332
...
...
@@ -48,4 +48,5 @@ application:
uncheckUrl
:
/refresh,/error,/login/login,/login/index,/login/logout,/securitycode/createCode,/file/common/*,/test*,/padsign/*,/terminal/*,/resource/list,/api/asset/*,/api/*,/flow/*,/uploads/*,/project/file/*,/file/*,/assessment/*
dm
:
enable
:
true
jsonCheck
:
@
profiles.req.json.check@
\ No newline at end of file
jsonCheck
:
@
profiles.req.json.check@
trustedReferer
:
http://192.168.0.98:11072/,http://192.168.0.98:11072
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
