fix: 没有登录不需要校验csrf

2021-03-10 16:56:19 +08:00 · 2021-03-10 16:56:19 +08:00 · 7c40fa3377
parent 9de992a91c
commit 7c40fa3377
1 changed files with 1 additions and 0 deletions
--- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java
+++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
@ -26,6 +26,7 @@ public class CsrfFilter extends AnonymousFilter {

        if (!SecurityUtils.getSubject().isAuthenticated()) {
            ((HttpServletResponse) response).setHeader("Authentication-Status", "invalid");
+            return true;
        }
        // api 过来的请求
        if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {