From fc72b670908bc0d9b00a8e9aa7e36499055e792d Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 13 九月 2024 18:02:44 +0800
Subject: [PATCH] update 优化 全局开启xss过滤 提高安全性 与cloud版本保持一致

---
 ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/FilterConfig.java |   11 ++---------
 1 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/FilterConfig.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/FilterConfig.java
index 91fff76..bc27d6f 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/FilterConfig.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/config/FilterConfig.java
@@ -1,18 +1,14 @@
 package org.dromara.common.web.config;
 
-import org.dromara.common.core.utils.StringUtils;
+import jakarta.servlet.DispatcherType;
 import org.dromara.common.web.config.properties.XssProperties;
 import org.dromara.common.web.filter.RepeatableFilter;
 import org.dromara.common.web.filter.XssFilter;
-import jakarta.servlet.DispatcherType;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
-
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * Filter閰嶇疆
@@ -30,12 +26,9 @@
         FilterRegistrationBean registration = new FilterRegistrationBean();
         registration.setDispatcherTypes(DispatcherType.REQUEST);
         registration.setFilter(new XssFilter());
-        registration.addUrlPatterns(StringUtils.split(xssProperties.getUrlPatterns(), StringUtils.SEPARATOR));
+        registration.addUrlPatterns("/*");
         registration.setName("xssFilter");
         registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
-        Map<String, String> initParameters = new HashMap<>();
-        initParameters.put("excludes", xssProperties.getExcludes());
-        registration.setInitParameters(initParameters);
         return registration;
     }
 

--
Gitblit v1.9.3