From 8007b22b8569dc8036df95adb58f6ca53c8eb04c Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 一月 2022 12:04:40 +0800
Subject: [PATCH] 导出Excel时屏蔽公式，防止CSV注入风险

---
 ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUtils.java |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUtils.java
index 04ae9b1..dd1bcc4 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUtils.java
@@ -210,7 +210,10 @@
                 .append("utf-8''")
                 .append(percentEncodedFileName);
 
+        response.addHeader("Access-Control-Allow-Origin", "*");
+        response.addHeader("Access-Control-Expose-Headers", "Content-Disposition,download-filename");
         response.setHeader("Content-disposition", contentDispositionValue.toString());
+        response.setHeader("download-filename", percentEncodedFileName);
     }
 
     /**

--
Gitblit v1.9.2