
accessControlAllowOrigin多域名

review512jwy@163.com 1 week ago
parent
commit
775c969940
  1. 20
      dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java

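--- a/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java
+++ b/dongjian-center-admin-controller/src/main/java/com/dongjian/datacenter/admin/configurator/CrosXssFilter.java
@@ -51,10 +51,22 @@ public class CrosXssFilter implements Filter {
 HttpServletRequest httpRequest = (HttpServletRequest) request;
 String referer = httpRequest.getHeader("Referer");
-if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin)
-&& !referer.startsWith(accessControlAllowOrigin)) {
-httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer");
-return;
+if (StringUtils.isNotBlank(referer) && !"*".equals(accessControlAllowOrigin)) {
+// 允许多个域名,逗号分隔
+String[] allowedOrigins = accessControlAllowOrigin.split(",");
+boolean matched = false;
+for (String origin : allowedOrigins) {
+origin = origin.trim();
+if (StringUtils.isNotBlank(origin) && referer.startsWith(origin)) {
+matched = true;
+break;
+}
+}
+// 如果一个都不匹配,则返回 403
+if (!matched) {
+httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Referer");
+return;
+}
 }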
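Review bot: The new loop keeps the prefix comparison `referer.startsWith(origin)`, so a configured origin such as `https://example.com` also admits a Referer of `https://example.com.evil.net/...` or `https://example.com@evil.net/`, which defeats the allow-list the commit is extending. Match the origin as a whole instead: keep `origin = origin.trim();` (strip a trailing `/` from the configured value too) and change the test to `if (StringUtils.isNotBlank(origin) && (referer.equals(origin) || referer.startsWith(origin + "/")))`, or more robustly parse the Referer with `java.net.URI` and compare its `scheme://host[:port]` to each entry with `equalsIgnoreCase`. Note that the surrounding condition, unchanged by this commit, still passes every request whose Referer header is absent or when the property is `*`; if this filter is meant as cross-site protection, a missing Referer on state-changing requests should presumably be rejected and the `Origin` header is the more reliable signal. I would also replace the Chinese comment with `// Allowed origins, comma-separated; each entry must match the Referer's scheme://host[:port] as a whole`, and the split could be done once at filter init rather than per request. The enclosing method (presumably doFilter) begins before and ends after this hunk.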
