From e41dd8a0f1d4fd310b4e57094bed2bd85b3a22a6 Mon Sep 17 00:00:00 2001
From: 若依 <yzz_ivy@163.com>
Date: 星期五, 19 十一月 2021 14:53:16 +0800
Subject: [PATCH] !370 fix 修复关闭 xss 功能导致可重复读 RepeatableFilter 失效 Merge pull request !370 from 疯狂的狮子Li/master
---
ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 30718c3..58dd02a 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -49,7 +49,7 @@
*/
@Autowired
private JwtAuthenticationTokenFilter authenticationTokenFilter;
-
+
/**
* 跨域过滤器
*/
@@ -96,8 +96,8 @@
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// 过滤请求
.authorizeRequests()
- // 对于登录login 验证码captchaImage 允许匿名访问
- .antMatchers("/login", "/captchaImage").anonymous()
+ // 对于登录login 注册register 验证码captchaImage 允许匿名访问
+ .antMatchers("/login", "/register", "/captchaImage").anonymous()
.antMatchers(
HttpMethod.GET,
"/",
@@ -107,8 +107,6 @@
"/**/*.js",
"/profile/**"
).permitAll()
- .antMatchers("/common/download**").anonymous()
- .antMatchers("/common/download/resource**").anonymous()
.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
@@ -126,7 +124,6 @@
httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
}
-
/**
* 强散列哈希加密实现
*/
--
Gitblit v1.9.2