From 808f9de68b90c6160b718dc53d26df184a668537 Mon Sep 17 00:00:00 2001
From: "Captain.B"
Date: Wed, 10 Mar 2021 17:29:44 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=B7=B3=E8=BD=AC=E5=88=B0=20/=20?= =?UTF-8?q?=E4=B8=8D=E7=94=A8=E6=A0=A1=E9=AA=8Ccsrf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../io/metersphere/config/ShiroConfig.java | 1 +
 frontend/src/business/App.vue | 2 ++
 frontend/src/common/js/ajax.js | 19 ++++++++++---------
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/backend/src/main/java/io/metersphere/config/ShiroConfig.java b/backend/src/main/java/io/metersphere/config/ShiroConfig.java
index 1b5b18770a..05729f12d8 100644
--- a/backend/src/main/java/io/metersphere/config/ShiroConfig.java
+++ b/backend/src/main/java/io/metersphere/config/ShiroConfig.java
@@ -49,6 +49,7 @@ public class ShiroConfig implements EnvironmentAware {
 Map filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
 ShiroUtils.loadBaseFilterChain(filterChainDefinitionMap);
+ filterChainDefinitionMap.put("/", "apikey, authc"); // 跳转到 / 不用校验 csrf
 filterChainDefinitionMap.put("/**", "apikey, csrf, authc");
 return shiroFilterFactoryBean;
 }
diff --git a/frontend/src/business/App.vue b/frontend/src/business/App.vue
index 6362aa95bd..d547ff19dd 100644
--- a/frontend/src/business/App.vue
+++ b/frontend/src/business/App.vue
@@ -30,6 +30,7 @@ import MsUser from "./components/common/head/HeaderUser";
 import MsHeaderOrgWs from "./components/common/head/HeaderOrgWs";
 import MsLanguageSwitch from "./components/common/head/LanguageSwitch";
 import {saveLocalStorage} from "@/common/js/utils";
+import {registerRequestHeaders} from "@/common/js/ajax";
 const requireComponent = require.context('@/business/components/xpack/', true, /\.vue$/);
 const header = requireComponent.keys().length > 0 ? requireComponent("./license/LicenseMessage.vue") : {};
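Review bot: The added `/` chain in ShiroConfig.java omits `csrf` for every HTTP method on the root path, while the comment only speaks of navigating to `/`, so the exemption is wider than the stated intent if anything state-changing is ever mapped there. The entry also only takes effect because it is put before `/**`; Shiro normally evaluates chain definitions in insertion order with the first match winning, and that dependency is worth recording so a later reordering does not silently change which requests skip the check. I would replace the comment with something like `// "/" only serves the page redirect (no state change), so csrf is skipped; must stay before "/**" because the first matching chain wins`. The enclosing method and `ShiroUtils.loadBaseFilterChain` lie outside the hunk, so whether an earlier base entry already matches `/` cannot be checked from here.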
@@ -53,6 +54,7 @@ export default {
 window.addEventListener("beforeunload", () => {
 localStorage.setItem("store", JSON.stringify(this.$store.state))
 })
+ registerRequestHeaders();
 },
 beforeCreate() {
 this.$get("/isLogin").then(response => {
diff --git a/frontend/src/common/js/ajax.js b/frontend/src/common/js/ajax.js
index 50b639a0a3..b199a9f47f 100644
--- a/frontend/src/common/js/ajax.js
+++ b/frontend/src/common/js/ajax.js
@@ -3,6 +3,16 @@ import axios from "axios";
 import i18n from '../../i18n/i18n'
 import {TokenKey} from "@/common/js/constants";
+export function registerRequestHeaders() {
+ axios.interceptors.request.use(config => {
+ let user = JSON.parse(localStorage.getItem(TokenKey));
+ if (user && user.csrfToken) {
+ config.headers['CSRF-TOKEN'] = user.csrfToken;
+ }
+ return config;
+ });
+}
+
 export default {
 install(Vue) {
@@ -40,15 +50,6 @@ export default {
 return Promise.reject(error);
 });
- axios.interceptors.request.use(config => {
- let user = JSON.parse(localStorage.getItem(TokenKey));
- if (user && user.csrfToken) {
- config.headers['CSRF-TOKEN'] = user.csrfToken;
- }
- return config;
- });
-
-
 function then(success, response, result) {
 if (!response.data) {
 success(response);
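Review bot: In the App.vue hunk at `@@ -53,6 +54,7 @@`, `registerRequestHeaders()` is called from a component hook, while the `beforeCreate()` hook visible two lines below already sends `this.$get("/isLogin")`. Vue runs `beforeCreate` before any other instance hook, so that request, and any request issued before the App component is created, goes out without the `CSRF-TOKEN` header that the interceptor presumably added when it was registered in `install(Vue)`. If that ordering is intended, record it on the call, e.g. `// registered after beforeCreate on purpose: /isLogin is sent without CSRF-TOKEN`; if it is not, the registration belongs at module load or at the top of `beforeCreate`. The hook that contains the call starts outside the hunk, so its name is inferred rather than visible.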
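Review bot: In `registerRequestHeaders` (ajax.js, `@@ -3,6 +3,16 @@`), `JSON.parse(localStorage.getItem(TokenKey))` runs unguarded inside the request interceptor, so a stored value that is not valid JSON makes the interceptor throw and every axios request reject until storage is cleared. Parsing defensively keeps requests flowing and simply omits the header, which the server-side `csrf` filter can then reject on its own terms. Two smaller points: the header is attached whatever the request's target is, so it should be limited to the application's own origin if axios is ever given an absolute URL to another host, and calling the function more than once registers the interceptor more than once.

```javascript
export function registerRequestHeaders() {
  axios.interceptors.request.use(config => {
    let user = null;
    try {
      user = JSON.parse(localStorage.getItem(TokenKey));
    } catch (e) {
      // stored value is not valid JSON: send the request without the token
    }
    // … unchanged: csrfToken check, header assignment, return config …
  });
}
```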