From f0f00e9ba8a755e4317e029d73b69a92ad9f9df1 Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期六, 14 九月 2024 17:02:41 +0800
Subject: [PATCH] update

---
 exam-framework/src/main/java/com/gkhy/exam/framework/security/SecurityConfig.java |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/exam-framework/src/main/java/com/gkhy/exam/framework/security/SecurityConfig.java b/exam-framework/src/main/java/com/gkhy/exam/framework/security/SecurityConfig.java
index 98a3e29..b08e275 100644
--- a/exam-framework/src/main/java/com/gkhy/exam/framework/security/SecurityConfig.java
+++ b/exam-framework/src/main/java/com/gkhy/exam/framework/security/SecurityConfig.java
@@ -100,6 +100,7 @@
         permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
 
         httpSecurity
+                .cors().and()
                 // CSRF禁用，因为不使用session
                 .csrf().disable()
                 // 禁用HTTP响应标头
@@ -111,7 +112,7 @@
                 // 过滤请求
                 .authorizeRequests()
                 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                .antMatchers("/**/login", "/register", "/system/captcha/captchaImage").permitAll()
+                .antMatchers("/**/login", "/register", "/system/captcha/captchaImage","/system/common/importExcel").permitAll()
                 // 静态资源，可匿名访问
                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**","/**/favicon.ico","/**/images/**").permitAll()
                 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
@@ -128,6 +129,7 @@
         httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
     }
 
+
     /**
      * 强散列哈希加密实现
      */

--
Gitblit v1.9.2