refactor: apikey直接调用的接口不过滤csrf

2024-02-26 10:27:40 +08:00 · 2024-02-26 10:27:40 +08:00 · bc63de118d
parent 1478332df2
commit bc63de118d
1 changed files with 4 additions and 4 deletions
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java
@ -32,10 +32,10 @@ public class CsrfFilter extends AnonymousFilter {
        if (WebUtils.toHttp(request).getRequestURI().equals("/error")) {
            return true;
        }
-        // todo api 过来的请求
-//        if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
-//            return true;
-//        }
+        // api 过来的请求不需要 csrf
+        if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
+            return true;
+        }
        // websocket 不需要csrf
        String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key");
        if (StringUtils.isNotBlank(websocketKey)) {