refactor: apikey直接调用的接口不过滤csrf
This commit is contained in:
parent
1478332df2
commit
bc63de118d
|
@ -32,10 +32,10 @@ public class CsrfFilter extends AnonymousFilter {
|
||||||
if (WebUtils.toHttp(request).getRequestURI().equals("/error")) {
|
if (WebUtils.toHttp(request).getRequestURI().equals("/error")) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
// todo api 过来的请求
|
// api 过来的请求不需要 csrf
|
||||||
// if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
|
if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
|
||||||
// return true;
|
return true;
|
||||||
// }
|
}
|
||||||
// websocket 不需要csrf
|
// websocket 不需要csrf
|
||||||
String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key");
|
String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key");
|
||||||
if (StringUtils.isNotBlank(websocketKey)) {
|
if (StringUtils.isNotBlank(websocketKey)) {
|
||||||
|
|
Loading…
Reference in New Issue