fix: 跳转到 / 不用校验csrf

2021-03-10 17:29:44 +08:00 · 2021-03-10 17:29:44 +08:00 · 808f9de68b
parent 7c40fa3377
commit 808f9de68b
3 changed files with 13 additions and 9 deletions
--- a/backend/src/main/java/io/metersphere/config/ShiroConfig.java
+++ b/backend/src/main/java/io/metersphere/config/ShiroConfig.java
@ -49,6 +49,7 @@ public class ShiroConfig implements EnvironmentAware {
        Map<String, String> filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
        ShiroUtils.loadBaseFilterChain(filterChainDefinitionMap);

+        filterChainDefinitionMap.put("/", "apikey, authc"); // 跳转到 / 不用校验 csrf
        filterChainDefinitionMap.put("/**", "apikey, csrf, authc");
        return shiroFilterFactoryBean;
    }
--- a/frontend/src/business/App.vue
+++ b/frontend/src/business/App.vue
@ -30,6 +30,7 @@ import MsUser from "./components/common/head/HeaderUser";
 import MsHeaderOrgWs from "./components/common/head/HeaderOrgWs";
 import MsLanguageSwitch from "./components/common/head/LanguageSwitch";
 import {saveLocalStorage} from "@/common/js/utils";
+import {registerRequestHeaders} from "@/common/js/ajax";

 const requireComponent = require.context('@/business/components/xpack/', true, /\.vue$/);
 const header = requireComponent.keys().length > 0 ? requireComponent("./license/LicenseMessage.vue") : {};
@ -53,6 +54,7 @@ export default {
    window.addEventListener("beforeunload", () => {
      localStorage.setItem("store", JSON.stringify(this.$store.state))
    })
+    registerRequestHeaders();
  },
  beforeCreate() {
    this.$get("/isLogin").then(response => {
--- a/frontend/src/common/js/ajax.js
+++ b/frontend/src/common/js/ajax.js
@ -3,6 +3,16 @@ import axios from "axios";
 import i18n from '../../i18n/i18n'
 import {TokenKey} from "@/common/js/constants";

+export function registerRequestHeaders() {
+  axios.interceptors.request.use(config => {
+    let user = JSON.parse(localStorage.getItem(TokenKey));
+    if (user && user.csrfToken) {
+      config.headers['CSRF-TOKEN'] = user.csrfToken;
+    }
+    return config;
+  });
+}
+
 export default {
  install(Vue) {

@ -40,15 +50,6 @@ export default {
      return Promise.reject(error);
    });

-    axios.interceptors.request.use(config => {
-      let user = JSON.parse(localStorage.getItem(TokenKey));
-      if (user && user.csrfToken) {
-        config.headers['CSRF-TOKEN'] = user.csrfToken;
-      }
-      return config;
-    });
-
-
    function then(success, response, result) {
      if (!response.data) {
        success(response);