javax改jakarta

1 week ago · febce89baf
3 changed files with 18 additions and 14 deletions
--- a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
+++ b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/CrosXssFilter.java
@ -2,15 +2,15 @@ package com.techsor.datacenter.business.configurator;

 import java.io.IOException;

-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.annotation.WebFilter;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -94,6 +94,9 @@ public class CrosXssFilter implements Filter {
                    httpServletResponse.setHeader("Access-Control-Allow-Origin", accessControlAllowOrigin);
                    httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");

+                    // 修复 X-XSS-Protection 问题
+                    httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
+                    
                    
                    
                    if ("OPTIONS".equals(((HttpServletRequest) request).getMethod())) {
--- a/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java
+++ b/data-center-business-controller/src/main/java/com/techsor/datacenter/business/configurator/RequestWrapper.java
@ -12,11 +12,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;

-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.owasp.encoder.Encode;
@ -27,6 +22,11 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;

+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
 public class RequestWrapper extends HttpServletRequestWrapper {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private static String key = "drop|chr|exec|insert|select|delete|update|count|mid|master|truncate|declare|-|+|sleep";
--- a/data-center-business-controller/src/main/resources/config/application.properties
+++ b/data-center-business-controller/src/main/resources/config/application.properties
@ -146,6 +146,7 @@ spring.web.resources.add-mappings=false

 server.servlet.session.cookie.http-only=true
 server.servlet.session.cookie.secure=true
+server.servlet.session.cookie.same-site=strict

 springdoc.swagger-ui.doc-expansion=none
 springdoc.swagger-ui.operations-sorter=alpha