fix 修复 xss初始化错误问题

2026-03-22 10:47:17 +08:00 · 2024-12-13 17:11:45 +08:00
parent 5414260082
commit d812c74535
1 changed files with 12 additions and 12 deletions
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
@@ -1,9 +1,9 @@
 package org.dromara.common.web.filter;

+import cn.hutool.core.collection.CollUtil;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import org.dromara.common.core.utils.ServletUtils;
 import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.web.config.properties.XssProperties;
@@ -25,17 +25,7 @@ public class XssFilter implements Filter {
    public List<String> excludes = new ArrayList<>();

    @Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-        XssProperties properties = SpringUtils.getBean(XssProperties.class);
-        HttpServletRequest request = ServletUtils.getRequest();
-        // 从请求头获取gateway转发的服务前缀
-        String prefix = StringUtils.blankToDefault(request.getHeader("X-Forwarded-Prefix"), "");
-        List<String> excludeUrls = properties.getExcludeUrls()
-            .stream()
-            .filter(x -> StringUtils.startsWith(x, prefix))
-            .map(x -> x.replaceFirst(prefix, StringUtils.EMPTY))
-            .toList();
-        excludes.addAll(excludeUrls);
+    public void init(FilterConfig filterConfig) {
    }

    @Override
@@ -58,6 +48,16 @@ public class XssFilter implements Filter {
        if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method)) {
            return true;
        }
+        if (CollUtil.isEmpty(excludes)) {
+            XssProperties properties = SpringUtils.getBean(XssProperties.class);
+            // 从请求头获取gateway转发的服务前缀
+            String prefix = StringUtils.blankToDefault(request.getHeader("X-Forwarded-Prefix"), "");
+            List<String> excludeUrls = properties.getExcludeUrls().stream()
+                .filter(x -> StringUtils.startsWith(x, prefix))
+                .map(x -> x.replaceFirst(prefix, StringUtils.EMPTY))
+                .toList();
+            excludes.addAll(excludeUrls);
+        }
        return StringUtils.matches(url, excludes);
    }