guoyuepeng
/
qa-prevention-gwj
1
0
Fork 3
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Merge branch 'refs/heads/liujun-2024-05-23-接口漏洞修复' into dev

pet-图片单独上传接口-2024.8.28-徐绎丰
water_xu 2024-07-31 16:40:42 +08:00
parent 0d53cd65d9 dfab57b1d5
commit f05613efad
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/com/zcloud/config/CORSFilter.java
View File

@ -48,7 +48,12 @@ public class CORSFilter implements Filter {
response.setHeader("x-frame-options","SAMEORIGIN"); // ****
response.setHeader("X-Content-Type-Options","nosniff");
response.setHeader("Content-Security-Policy","default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';");
filterChain.doFilter(servletRequest, servletResponse);
// 一公司烯体哦那个系统漏洞修复
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
filterChain.doFilter(servletRequest, servletResponse);
// }
}

1
src/main/java/com/zcloud/config/EncodingFilterConfig.java
View File

@ -19,6 +19,7 @@ public class EncodingFilterConfig {
characterEncodingFilter.setForceEncoding(true);
characterEncodingFilter.setEncoding("UTF-8");
registrationBean.setFilter(characterEncodingFilter);
registrationBean.addUrlPatterns("/*");
return registrationBean;
}
}