From 6b5dd4d2be69759a8a2452195d0fb0b0ef52e72a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: Wed, 28 Jul 2021 16:04:59 +0800
Subject: [PATCH] 优化XSS跨站脚本过滤

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
index 1053159..30718c3 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@@ -88,7 +88,7 @@
     protected void configure(HttpSecurity httpSecurity) throws Exception
     {
         httpSecurity
-                // CRSF禁用，因为不使用session
+                // CSRF禁用，因为不使用session
                 .csrf().disable()
                 // 认证失败处理类
                 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
@@ -100,12 +100,13 @@
                 .antMatchers("/login", "/captchaImage").anonymous()
                 .antMatchers(
                         HttpMethod.GET,
+                        "/",
                         "/*.html",
                         "/**/*.html",
                         "/**/*.css",
-                        "/**/*.js"
+                        "/**/*.js",
+                        "/profile/**"
                 ).permitAll()
-                .antMatchers("/profile/**").anonymous()
                 .antMatchers("/common/download**").anonymous()
                 .antMatchers("/common/download/resource**").anonymous()
                 .antMatchers("/swagger-ui.html").anonymous()

--
Gitblit v1.9.2