From febce89baf0ba88817b672422d30038edad313d7 Mon Sep 17 00:00:00 2001
From: "review512jwy@163.com" <“review512jwy@163.com”>
Date: Tue, 18 Nov 2025 08:48:03 +0800
Subject: [PATCH] =?UTF-8?q?javax=E6=94=B9jakarta?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../business/configurator/CrosXssFilter.java | 21 +++++++++++--------
 .../business/configurator/RequestWrapper.java | 10 ++++-----
 .../resources/config/application.properties | 1 +
 3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
index 7dbba2f..33535b6 100644
--- a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
+++ b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
@@ -2,15 +2,15 @@ package com.techsor.datacenter.business.configurator;
 import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.annotation.WebFilter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -93,6 +93,9 @@ public class CrosXssFilter implements Filter {
 // 设置允许的域名
 httpServletResponse.setHeader("Access-Control-Allow-Origin", accessControlAllowOrigin);
 httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
+
+ // 修复 X-XSS-Protection 问题
+ httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
diff --git a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java
index 08ae10d..2626be9 100644
--- a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java
+++ b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java
@@ -12,11 +12,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.encoder.Encode;
@@ -27,6 +22,11 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
 public class RequestWrapper extends HttpServletRequestWrapper {
 private final Logger log = LoggerFactory.getLogger(getClass());
 private static String key = "drop|chr|exec|insert|select|delete|update|count|mid|master|truncate|declare|-|+|sleep";
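Review bot: The `X-XSS-Protection: 1; mode=block` header on the last added line no longer protects anything — Chromium dropped its XSS Auditor in version 78, Chromium-based Edge has none, Firefox never implemented one — and where the legacy auditor does still run it has been abused as a cross-site information leak, which is why current OWASP guidance is `X-XSS-Protection: 0` plus a Content-Security-Policy. If the goal is to clear a scanner finding, emit the headers that still do work, e.g. `httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");` and, if these responses are JSON/API only, `httpServletResponse.setHeader("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'");`, and change the `X-XSS-Protection` value to `"0"` rather than `"1; mode=block"`. The visible context sends `Access-Control-Allow-Credentials: true` with a configurable `accessControlAllowOrigin`; I cannot tell from this hunk whether that origin is checked against an allow-list or reflected from the request, and for a credentialed CORS response that check is the one that matters. Note also that this same commit sets `server.servlet.session.cookie.same-site=strict`, so the session cookie will not accompany any cross-site request this CORS path permits — presumably intended, but worth confirming. The enclosing method starts and ends outside the hunk, so I also cannot see whether these headers are set unconditionally or only on the CORS branch.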
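Review bot: The new `import jakarta.servlet.*` block in the second RequestWrapper hunk is placed after the `com.alibaba.fastjson` imports, whereas the `javax.servlet.*` lines it replaces sat between `java.util.stream.Collectors` and the `org.apache` group, and the parallel change in CrosXssFilter keeps the servlet-API block where it was; this file's import grouping is now inconsistent with its sibling. I would move the four `import jakarta.servlet...` lines (with their trailing blank) back to the position of the removed lines, keeping the java.*, servlet API, org.*, com.* order. Unrelated to this commit but visible as context: the `key` blacklist (`drop|chr|...|-|+|sleep`) suggests keyword-style filtering of request input, which presumably complements rather than replaces parameterized queries; the bare `-` and `+` entries will match dates, UUIDs and arithmetic in legitimate payloads, and if `key` is ever compiled as a regex the `+` branch alone would throw `PatternSyntaxException` — worth confirming how `key` is applied, since that code is outside the hunk. The class body continues outside the hunk.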
diff --git a/data-center-business-controller/src/main/resources/config/application.properties b/data-center-business-controller/src/main/resources/config/application.properties
index f253f3f..737b7f9 100644
--- a/data-center-business-controller/src/main/resources/config/application.properties
+++ b/data-center-business-controller/src/main/resources/config/application.properties
@@ -146,6 +146,7 @@ spring.web.resources.add-mappings=false
 server.servlet.session.cookie.http-only=true
 server.servlet.session.cookie.secure=true
+server.servlet.session.cookie.same-site=strict
 springdoc.swagger-ui.doc-expansion=none
 springdoc.swagger-ui.operations-sorter=alpha