| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | }*/ |
|---|
| | | resp.setHeader("Access-Control-Allow-Origin", "*"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Origin", origin); |
|---|
| | | resp.setHeader("Access-Control-Allow-Headers", "X-Requested-With,content-type,token"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Methods", "GET, POST"); |
|---|
| | | resp.setHeader("Access-Control-Allow-Credentials", "true"); |
|---|
| | | //只准使用GET,POST |
|---|
| | | String method = req.getMethod().toUpperCase(); |
|---|
| | | /*String method = req.getMethod().toUpperCase(); |
|---|
| | | String profileType = YamlProperties.profileType; |
|---|
| | | if(!profileType.contains("dev") && !(method.equals("GET")||method.equals("POST"))){ |
|---|
| | | resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("不安全的请求"); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | }*/ |
|---|
| | | //处理响应头缺失,信息漏洞 |
|---|
| | | /*resp.addHeader("X-Frame-Options","SAMEORIGIN"); |
|---|
| | | resp.addHeader("Referrer-Policy","origin"); |
|---|
