From dfab57b1d561354514e625fe8df7eed32d4000e2 Mon Sep 17 00:00:00 2001 From: liujun Date: Thu, 23 May 2024 16:00:45 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E5=9B=9E=E6=BB=9A?= =?UTF-8?q?=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/zcloud/config/CORSFilter.java | 7 ++++++- src/main/java/com/zcloud/config/EncodingFilterConfig.java | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/zcloud/config/CORSFilter.java b/src/main/java/com/zcloud/config/CORSFilter.java index bd27fe84..62fc6011 100644 --- a/src/main/java/com/zcloud/config/CORSFilter.java +++ b/src/main/java/com/zcloud/config/CORSFilter.java @@ -48,7 +48,12 @@ public class CORSFilter implements Filter { response.setHeader("x-frame-options","SAMEORIGIN"); // **** response.setHeader("X-Content-Type-Options","nosniff"); response.setHeader("Content-Security-Policy","default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"); - filterChain.doFilter(servletRequest, servletResponse); + // 一公司烯体哦那个系统漏洞修复 + response.setHeader("X-XSS-Protection", "1; mode=block"); + response.setHeader("X-Permitted-Cross-Domain-Policies", "none"); + response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"); + response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin"); + filterChain.doFilter(servletRequest, servletResponse); // } } diff --git a/src/main/java/com/zcloud/config/EncodingFilterConfig.java b/src/main/java/com/zcloud/config/EncodingFilterConfig.java index 007f0a55..ec60b1b1 100644 --- a/src/main/java/com/zcloud/config/EncodingFilterConfig.java +++ b/src/main/java/com/zcloud/config/EncodingFilterConfig.java 
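Review bot: The new `Strict-Transport-Security` value in CORSFilter carries `includeSubDomains; preload`, which commits every subdomain of the serving host to HTTPS for a year and signals consent to browser preload lists, a commitment that is slow to undo. Unless all subdomains are verified to serve HTTPS and preloading is a deliberate decision, `response.setHeader("Strict-Transport-Security", "max-age=31536000");` is the safer default. `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore and that the OWASP Secure Headers guidance advises disabling; with the Content-Security-Policy already set just above, `response.setHeader("X-XSS-Protection", "0");` or omitting the header is preferable if the scan finding allows it. The headers are set before `filterChain.doFilter`, which is the right place, and the enclosing method starts outside the hunk.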
@@ -19,6 +19,7 @@ public class EncodingFilterConfig {
 characterEncodingFilter.setForceEncoding(true);
 characterEncodingFilter.setEncoding("UTF-8");
 registrationBean.setFilter(characterEncodingFilter);
+ registrationBean.addUrlPatterns("/*");
 return registrationBean;
 }
 }
From f4fc8e2f258a2cbc636486750b07e262c3d18807 Mon Sep 17 00:00:00 2001
From: liujun
Date: Tue, 23 Jul 2024 13:53:33 +0800
Subject: [PATCH 2/2] =?UTF-8?q?58=E6=9C=8D=E5=8A=A1=E5=99=A8=E9=87=8D?= =?UTF-8?q?=E7=BD=AE=E5=90=8E=EF=BC=8C=E9=87=8D=E7=BD=AE=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/resources/application-dev.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties
index 7f5b7918..5c116aac 100644
--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@@ -71,7 +71,7 @@ smb.basePath=/mnt/wwag/file/
 #Mq\u914D\u7F6E
 rocketmq.consumer.group2=edu-admin-edit
 rocketmq.consumer.group1=edu-admin-add
-rocketmq.name-server=39.100.115.58:8899
+rocketmq.name-server=172.24.151.22:9876
 rocketmq.producer.group=libmiddle
 rocketmq.producer.send-message-timeout=3000
 rocketmq.producer.compress-message-body-threshold=4096
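Review bot: `registrationBean.addUrlPatterns("/*");` in EncodingFilterConfig looks redundant if `registrationBean` is a Spring Boot `FilterRegistrationBean`, which already maps a filter to `/*` when no URL patterns or servlet names are configured. Its declaration is outside the hunk, so this needs confirming. If the line is kept for explicitness, a comment such as `// explicit mapping: force UTF-8 on every request path` would record why it is there.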
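Review bot: The RocketMQ name-server address is hard-coded again in the tracked `application-dev.properties`, so every server reset needs a commit and internal addresses accumulate in repository history. A placeholder with a default, `rocketmq.name-server=${ROCKETMQ_NAME_SERVER:172.24.151.22:9876}`, lets the environment override it without a code change. The previous value was a publicly routable address, so it is worth confirming that endpoint is decommissioned or firewalled. No access-control settings for the name server are visible in this hunk.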