From bc63de118da7e378d959c6c9ef3a0ddb56da7086 Mon Sep 17 00:00:00 2001
From: CaptainB <bin@fit2cloud.com>
Date: Mon, 26 Feb 2024 10:27:40 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20apikey=E7=9B=B4=E6=8E=A5=E8=B0=83?=
 =?UTF-8?q?=E7=94=A8=E7=9A=84=E6=8E=A5=E5=8F=A3=E4=B8=8D=E8=BF=87=E6=BB=A4?=
 =?UTF-8?q?csrf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/io/metersphere/system/security/CsrfFilter.java   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java b/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java
index 5fb38334d6..a7d05a6a2a 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/security/CsrfFilter.java
@@ -32,10 +32,10 @@ public class CsrfFilter extends AnonymousFilter {
         if (WebUtils.toHttp(request).getRequestURI().equals("/error")) {
             return true;
         }
-        // todo api 过来的请求
-//        if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
-//            return true;
-//        }
+        // api 过来的请求不需要 csrf
+        if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
+            return true;
+        }
         // websocket 不需要csrf
         String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key");
         if (StringUtils.isNotBlank(websocketKey)) {