diff --git a/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java b/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
index 8fab4b1911..86dc73cd16 100644
--- a/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
+++ b/sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
@@ -13,6 +13,13 @@ import static io.dataease.result.ResultCode.INTERFACE_ADDRESS_INVALID;
 public class WhitelistUtils {
 private static String contextPath;
+ private static final List STATIC_PATH_PREFIXES = List.of(
+ "/assets/",
+ "/static/"
+ );
+ private static final List STATIC_FILES = List.of(
+ "/favicon.ico"
+ );
 public static String getContextPath() {
@@ -68,7 +75,7 @@ public class WhitelistUtils {
 requestURI = requestURI.replaceFirst(AuthConstant.DE_OIDCAPI_PREFIX, "");
 }
 return WHITE_PATH.contains(requestURI)
- || StringUtils.endsWithAny(requestURI, ".gif",".ico", "js", ".css", "svg", "png", "jpg", "js.map", ".otf", ".ttf", ".woff2")
+ || isStaticAssetRequest(requestURI)
 || StringUtils.startsWithAny(requestURI, "data:image")
 || StringUtils.startsWithAny(requestURI, "/login/platformLogin/")
 || StringUtils.startsWithAny(requestURI, "/static-resource/")
@@ -93,6 +100,11 @@ public class WhitelistUtils {
 || StringUtils.startsWithAny(requestURI, "/communicate/down/");
 }
+ private static boolean isStaticAssetRequest(String requestURI) {
+ return STATIC_FILES.contains(requestURI)
+ || STATIC_PATH_PREFIXES.stream().anyMatch(requestURI::startsWith);
+ }
+
 public static String getBaseApiUrl(String redirect_uri) {
 if (StringUtils.endsWith(redirect_uri, "/")) {
 redirect_uri = redirect_uri.substring(0, redirect_uri.length() - 1);
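Review bot: `STATIC_PATH_PREFIXES` and `STATIC_FILES` decide which paths skip authentication, but nothing at the declaration says so, and a later editor could add an entry that overlaps an API route. I would put a comment above them such as `// Requests matching these entries skip authentication; list only locations that serve build artifacts, never API routes.` The entries are root-relative, so they assume the context path has already been stripped from `requestURI` when the check runs. That happens outside this hunk, if at all, and is worth confirming because the class keeps a `contextPath` field.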
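Review bot: The prefix test called at `|| isStaticAssetRequest(requestURI)` is only as strong as the canonical form of `requestURI`, and nothing visible in this hunk shows the URI being normalized before the whitelist comparison. If the value is the raw request URI, a path that starts with `/assets/` or `/static/` but carries dot segments or path parameters may be dispatched to a different handler than the whitelist assumes. The enclosing method starts and ends outside the hunk, so confirm that earlier lines canonicalize the path. Otherwise fail closed in the helper, for example `if (requestURI.contains("..") || requestURI.contains(";")) return false;`. A regression test asserting that a non-static route ending in `js` is no longer whitelisted would pin the behaviour this change is after.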
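Review bot: `isStaticAssetRequest` throws a NullPointerException for a null `requestURI`, where the `StringUtils.endsWithAny` call it replaces returned false. Collections built with `List.of(...)` reject `contains(null)`, and `requestURI::startsWith` dereferences the argument. Whether a null can reach this point depends on code outside the hunk, so a guard on the first line keeps the helper fail-closed either way: `if (requestURI == null) return false;`.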