fix: 修复CSRF-TOKEN过期时没有跳转到登录页的问题

2021-03-23 10:12:19 +08:00 · 2021-03-23 10:12:19 +08:00 · 3c05d1c486
parent 8995209a15
commit 3c05d1c486
1 changed files with 6 additions and 1 deletions
--- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java
+++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
@ -42,7 +42,12 @@ public class CsrfFilter extends AnonymousFilter {
        // 请求头取出的token value
        String csrfToken = httpServletRequest.getHeader(TOKEN_NAME);
        // 校验 token
-        validateToken(csrfToken);
+        try {
+            validateToken(csrfToken);
+        } catch (ExpiredCredentialsException e) {
+            ((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
+            return true;
+        }
        // 校验 referer
        validateReferer(httpServletRequest);
        return true;