fix: 回退全局静态后缀白名单匹配过宽

tjlygdx
2026-05-19 15:53:42 +08:00
parent 08d1a27dd1
commit bd4a2cac5c


@@ -13,13 +13,6 @@ import static io.dataease.result.ResultCode.INTERFACE_ADDRESS_INVALID;
public class WhitelistUtils {
private static String contextPath;
private static final List<String> STATIC_PATH_PREFIXES = List.of(
"/assets/",
"/static/"
);
private static final List<String> STATIC_FILES = List.of(
"/favicon.ico"
);
public static String getContextPath() {
@@ -75,7 +68,7 @@ public class WhitelistUtils {
requestURI = requestURI.replaceFirst(AuthConstant.DE_OIDCAPI_PREFIX, "");
}
return WHITE_PATH.contains(requestURI)
|| isStaticAssetRequest(requestURI)
|| StringUtils.endsWithAny(requestURI, ".gif",".ico", "js", ".css", "svg", "png", "jpg", "js.map", ".otf", ".ttf", ".woff2")
|| StringUtils.startsWithAny(requestURI, "data:image")
|| StringUtils.startsWithAny(requestURI, "/login/platformLogin/")
|| StringUtils.startsWithAny(requestURI, "/static-resource/")
@@ -100,11 +93,6 @@ public class WhitelistUtils {
|| StringUtils.startsWithAny(requestURI, "/communicate/down/");
}
private static boolean isStaticAssetRequest(String requestURI) {
return STATIC_FILES.contains(requestURI)
|| STATIC_PATH_PREFIXES.stream().anyMatch(requestURI::startsWith);
}
public static String getBaseApiUrl(String redirect_uri) {
if (StringUtils.endsWith(redirect_uri, "/")) {
redirect_uri = redirect_uri.substring(0, redirect_uri.length() - 1);
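Review bot: The restored `StringUtils.endsWithAny(requestURI, ...)` clause in the second hunk whitelists by raw suffix, and the entries `"js"`, `"svg"`, `"png"`, `"jpg"` and `"js.map"` have no leading dot, so any request URI that merely ends in those characters matches, not only static files. If this return expression decides whether a request skips the token check (inferred from the class name and `WHITE_PATH`; the enclosing method starts outside the hunk), a non-static endpoint whose path can end in such a suffix would be exempted as well. If the exact-file and prefix lists removed in the first and third hunks were too narrow for some deployments, consider extending them rather than returning to a global suffix match; at minimum dot every entry, e.g. `StringUtils.endsWithAny(requestURI, ".gif", ".ico", ".js", ".css", ".svg", ".png", ".jpg", ".js.map", ".otf", ".ttf", ".woff2")`, and match against the normalized path. A short comment above the clause stating why suffix matching is needed again would help the next reviewer.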