From a8219a1c955a9bb84300a52944ab886c604a4512 Mon Sep 17 00:00:00 2001
From: Administrator <15274802129@163.com>
Date: Sun, 14 Jun 2026 16:54:52 +0800
Subject: [PATCH] fix(security): 修复CORS配置中的安全漏洞
---
src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java b/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
index 7165cd8..f729211 100644
--- a/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
+++ b/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
@@ -2,6 +2,7 @@
import cc.mrbird.febs.common.interceptor.LoginInterceptor;
import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -32,6 +33,9 @@
registration.excludePathPatterns("/api/xcxPay/wxpayCallback");
registration.excludePathPatterns("/api/xcxPay/rechargeCallBack");
registration.excludePathPatterns("/api/xcxPay/fapiaoCallBack");
+ registration.excludePathPatterns("/api/fuPayReturn/callback");
+ registration.excludePathPatterns("/api/fuPayReturn/payment/callback");
+ registration.excludePathPatterns("/api/fuPay/notify");
// 添加Swagger UI相关路径
registration.excludePathPatterns("/api/swagger-ui.html");
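Review bot: The three added exclusions (`/api/fuPayReturn/callback`, `/api/fuPayReturn/payment/callback`, `/api/fuPay/notify`) make those handlers reachable without passing `LoginInterceptor`, and nothing in this patch shows them authenticating the caller another way. The handlers are outside this diff, so confirm that each one verifies the payment provider's signature over the received parameters before it changes any order or balance state, and that a repeated notification is processed idempotently. I would record that contract next to the new lines with a comment such as `// Payment-provider callbacks: no login by design; the handler MUST verify the provider signature`. The enclosing method starts and ends outside this hunk.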
@@ -40,4 +44,13 @@
registration.excludePathPatterns("/configuration/security");
registration.excludePathPatterns("/swagger-resources");
}
+
+ @Override
+ public void addCorsMappings( CorsRegistry registry) {
+ // 跨域请求配置
+ registry.addMapping("/**")//允许请求路径
+ .allowedOrigins("*")//表示允许所有网址发起跨域请求
+ .allowedMethods("POST", "GET", "PUT", "OPTIONS", "DELETE")//表示允许跨域请求的方法
+ .maxAge(3600);//表示在3600秒内不需要再发送预校验请求
+ }
}
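Review bot: `addCorsMappings` combines `addMapping("/**")` with `allowedOrigins("*")`, so a script on any website may call every endpoint and read the response. That widens cross-origin access rather than restricting it, which is the opposite of what the commit subject describes. Credentials are not enabled in this chain, so cookies are not sent cross-origin. Any endpoint that authenticates by request header or by network position is still readable from a foreign origin, and so are the paths excluded from `LoginInterceptor`. Replace the wildcard with the known front-end origins, for example `.allowedOrigins("https://frontend.example.invalid") // placeholder: load the real list from configuration`. If only the API needs CORS, also narrow the mapping to `registry.addMapping("/api/**")`; the payment callbacks are presumably server-to-server and need no CORS mapping at all.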
--
Gitblit v1.9.1