powerIntelligenceSystem.git

main / powerIntelligenceSystem

山西直流电源系统

概况
操作记录
提交次数
目录
文档
派生
对比

blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace

Access-Control-Expose-Headers导出暴漏文件名

whyclxw

2025-06-05 fdf7e652a58601817fc5402f828305417ef39a67

 src/main/java/com/whyc/filter/CrossDomainFilter.java

@@ -74,7 +74,7 @@
        resp.setHeader("X-XSS-Protection","1; mode=block");
        resp.setHeader("X-Download-Options","noopen");
        resp.setHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload");

        resp.setHeader("Access-Control-Expose-Headers", "Content-Disposition");
        //单页面应用,只允许一个页面index.html
        String servletPath = req.getServletPath();
        if(servletPath.contains(".html")){

			@@ -74,7 +74,7 @@
			resp.setHeader("X-XSS-Protection","1; mode=block");
			resp.setHeader("X-Download-Options","noopen");
			resp.setHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload");

			resp.setHeader("Access-Control-Expose-Headers", "Content-Disposition");
			//单页面应用,只允许一个页面index.html
			String servletPath = req.getServletPath();
			if(servletPath.contains(".html")){