From 775c9699403e3b46de03e154e03efbe60c83dfc2 Mon Sep 17 00:00:00 2001 From: "review512jwy@163.com" <“review512jwy@163.com”> Date: Wed, 19 Nov 2025 10:41:26 +0800 Subject: [PATCH] =?UTF-8?q?accessControlAllowOrigin=E5=A4=9A=E5=9F=9F?= =?UTF-8?q?=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../admin/configurator/CrosXssFilter.java | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java b/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java index fcb1788..374ac06 100644 --- a/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java +++ b/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java @@ -51,10 +51,22 @@ public class CrosXssFilter implements Filter { HttpServletRequest httpRequest = (HttpServletRequest) request; String referer = httpRequest.getHeader("Referer"); - if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin) - && !referer.startsWith(accessControlAllowOrigin)) { - httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer"); - return; + if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin)) { + // 允许多个域名,逗号分隔 + String[] allowedOrigins = accessControlAllowOrigin.split(","); + boolean matched = false; + for (String origin : allowedOrigins) { + origin = origin.trim(); + if (StringUtils.isNotBlank(origin) && referer.startsWith(origin)) { + matched = true; + break; + } + } + // 如果一个都不匹配,则返回 403 + if (!matched) { + httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer"); + return; + } }