//package com.nuvole.four.config.filter;
|
//
|
//import cn.hutool.core.util.StrUtil;
|
//import org.springframework.stereotype.Component;
|
//
|
//import javax.servlet.*;
|
//import javax.servlet.annotation.WebFilter;
|
//import javax.servlet.http.HttpServletRequest;
|
//import javax.servlet.http.HttpServletResponse;
|
//import java.io.IOException;
|
//
|
///**
|
// * @author ChenLong
|
// * @version 1.0
|
// * @ClassName XssFilter
|
// * @date 2019/7/16 19:21
|
// * @Description XSS filter
|
// * <p>Servlet filter mapped to "/*". It adds an "x-frame-options: SAMEORIGIN" response header to
// * every request, then passes the request down the chain. OPTIONS requests and requests whose
// * Content-Type starts with "multipart/form-data;" go through unchanged; all other requests are
// * wrapped in XssRequestWrapper first.
// *
// * <p>NOTE(review): every line of this class is commented out, so as shown here the filter is
// * neither compiled nor registered. Neither the X-Frame-Options header nor the XssRequestWrapper
// * wrapping is applied by this file; confirm that another component provides both.
// *
// * <p>NOTE(review): XssRequestWrapper is not defined on this page, so what it sanitizes cannot be
// * told from here. Request-side filtering of this kind complements context-aware output encoding
// * in the views; it does not replace it.
// *
// * <p>NOTE(review): @Component and @WebFilter are both present. Presumably this is a Spring Boot
// * application, where a Filter bean is normally mapped to all requests on its own and @WebFilter
// * only takes effect with servlet component scanning. If the class is re-enabled, verify that the
// * filter is not registered twice.
// */
|
//@Component
|
//@WebFilter(urlPatterns = "/*", filterName = "filter1")
|
//public class XssFilter implements Filter {
|
//
|
// // No resources are held, so there is nothing to release.
// public void destroy() {
|
//
|
// }
|
//
|
// // Adds the anti-framing header, then forwards the request either as-is or wrapped.
// public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
|
// // Unchecked casts: a non-HTTP request or response would fail here with ClassCastException.
// HttpServletRequest req = (HttpServletRequest) request;
|
// HttpServletResponse resp = (HttpServletResponse) response;
|
// //Clickjacking: fix for the "X-Frame-Options not configured" finding
// // NOTE(review): addHeader appends rather than replaces. If another filter or a proxy also sets
// // this header, the response carries it twice; setHeader would replace it. The header is added
// // before the chain runs, so it is sent on every branch below, including OPTIONS.
|
// resp.addHeader("x-frame-options","SAMEORIGIN");
|
// // OPTIONS requests are forwarded without the XSS wrapper.
// if (req.getMethod().equals("OPTIONS")) {
|
// chain.doFilter(req, resp);
|
// // Multipart requests are forwarded without the XSS wrapper as well.
// // NOTE(review): fields of multipart requests are therefore not covered by XssRequestWrapper and
// // need validation or output encoding elsewhere. The branch is chosen from a client-supplied
// // header, and the match is case-sensitive and requires the trailing ';'.
// }else if(StrUtil.isNotBlank(req.getHeader("Content-Type")) && req.getHeader("Content-Type").startsWith("multipart/form-data;")) {
|
// chain.doFilter(req, resp);
|
// } else {
|
// // Every other request reaches the rest of the chain through XssRequestWrapper.
// chain.doFilter(new XssRequestWrapper(req), resp);
|
// }
|
// }
|
//
|
// // No configuration is read from FilterConfig.
// public void init(FilterConfig filterConfig)throws ServletException{
|
//
|
// }
|
//
|
//}
|