src/main/java/com/whyc/F15KS380F220Application.java
src/main/java/com/whyc/filter/CrossDomainFilter.java
src/main/java/com/whyc/F15KS380F220Application.java
@@ -7,7 +7,7 @@ @EnableWebMvc @SpringBootApplication //@ServletComponentScan(basePackages = {"com.whyc.filter"}) @ServletComponentScan(basePackages = {"com.whyc.filter"}) public class F15KS380F220Application { public static void main(String[] args) { SpringApplication.run(F15KS380F220Application.class, args); src/main/java/com/whyc/filter/CrossDomainFilter.java
@@ -52,14 +52,14 @@ resp.setHeader("Access-Control-Allow-Methods", "GET, POST"); resp.setHeader("Access-Control-Allow-Credentials", "true"); //只准使用GET,POST String method = req.getMethod().toUpperCase(); /* String method = req.getMethod().toUpperCase(); String profileType = YamlProperties.profileType; if(!profileType.contains("dev") && !(method.equals("GET")||method.equals("POST"))){ resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); response.setContentType("text/html;charset=utf-8"); response.getWriter().write("不安全的请求"); return; } }*/ //处理响应头缺失,信息漏洞 /*resp.addHeader("X-Frame-Options","SAMEORIGIN"); resp.addHeader("Referrer-Policy","origin");
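Review bot: In CrossDomainFilter the GET/POST check now appears to sit inside a `/* … */` block (the page prints the old line and then the new one, so this reading is inferred), which leaves the filter sending `Access-Control-Allow-Methods: GET, POST` without rejecting any other verb. That header only informs a browser's preflight decision and is not enforced by the server, so requests using other methods from any non-browser client now reach the downstream handlers, and the change in F15KS380F220Application seems to register this filter for the whole application. If the check was disabled because CORS preflight requests were being answered with 405, keep it and admit only the preflight verb: `if(!profileType.contains("dev") && !(method.equals("GET")||method.equals("POST")||method.equals("OPTIONS"))){`. The rejection branch also sets the status on `resp` but writes the body through `response`; using one reference throughout would make the path easier to audit. The enclosing filter method starts and ends outside this hunk, and the `X-Frame-Options` and `Referrer-Policy` lines just below are visible only as commented-out context.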