public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-12 16:31:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 增加 Content-Security-Policy 等安全标识

Browse Source
This commit is contained in:
wangjiahao
2026-06-11 11:35:46 +08:00
parent adab5f1e89
commit f6f704813b
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sdk/common/src/main/java/io/dataease/filter/HtmlResourceFilter.java
View File

@@ -37,6 +37,10 @@ public class HtmlResourceFilter implements Filter, Ordered {
httpResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
httpResponse.setHeader(HttpHeaders.EXPIRES, "0");
}
httpResponse.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'self'");
httpResponse.setHeader("X-Content-Type-Options", "nosniff");
httpResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
httpResponse.setHeader("X-XSS-Protection", "1; mode=block");
// 继续执行过滤器链
try {
filterChain.doFilter(servletRequest, httpResponse);