test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: socket 链接不用经过csrf

This commit is contained in:
Captain.B 2021-03-11 11:28:01 +08:00
parent 511278843d
commit 061966ce36
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/src/main/java/io/metersphere/config/ShiroConfig.java
View File

@ -49,11 +49,16 @@ public class ShiroConfig implements EnvironmentAware {
Map<String, String> filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
ShiroUtils.loadBaseFilterChain(filterChainDefinitionMap);
filterChainDefinitionMap.put("/", "apikey, authc"); // 跳转到 / 不用校验 csrf
ignoreCsrfFilter(filterChainDefinitionMap);
filterChainDefinitionMap.put("/**", "apikey, csrf, authc");
return shiroFilterFactoryBean;
}
private void ignoreCsrfFilter(Map<String, String> filterChainDefinitionMap) {
filterChainDefinitionMap.put("/", "apikey, authc"); // 跳转到 / 不用校验 csrf
filterChainDefinitionMap.put("/performance/report/*", "apikey, authc"); // socket 不用校验 csrf
}
@Bean(name = "shiroFilter")
public FilterRegistrationBean<Filter> shiroFilter(ShiroFilterFactoryBean shiroFilterFactoryBean) throws Exception {
FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();