refactor: apikey直接调用的接口不过滤csrf

This commit is contained in:
CaptainB 2024-02-26 10:27:40 +08:00 committed by 刘瑞斌
parent 1478332df2
commit bc63de118d
1 changed files with 4 additions and 4 deletions

View File

@ -32,10 +32,10 @@ public class CsrfFilter extends AnonymousFilter {
if (WebUtils.toHttp(request).getRequestURI().equals("/error")) { if (WebUtils.toHttp(request).getRequestURI().equals("/error")) {
return true; return true;
} }
// todo api 过来的请求 // api 过来的请求不需要 csrf
// if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) { if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request))) {
// return true; return true;
// } }
// websocket 不需要csrf // websocket 不需要csrf
String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key"); String websocketKey = httpServletRequest.getHeader("Sec-WebSocket-Key");
if (StringUtils.isNotBlank(websocketKey)) { if (StringUtils.isNotBlank(websocketKey)) {