From a9b5a78e88c308363c7ae87cf3b08cd2edb806d2 Mon Sep 17 00:00:00 2001 From: wu Date: Wed, 31 Jul 2024 14:19:41 +0800 Subject: [PATCH] bugfix --- .../src/main/resources/application-druid.yml | 14 +++++-- .../src/main/resources/application.yml | 7 +++- .../config/AddResponseHeaderFilter.java | 39 +++++++++++++++++++ 3 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 ruoyi-framework/src/main/java/com/ruoyi/framework/config/AddResponseHeaderFilter.java diff --git a/ruoyi-admin/src/main/resources/application-druid.yml b/ruoyi-admin/src/main/resources/application-druid.yml index 508339d..ea1c844 100644 --- a/ruoyi-admin/src/main/resources/application-druid.yml +++ b/ruoyi-admin/src/main/resources/application-druid.yml @@ -6,10 +6,18 @@ spring: druid: # 主库数据源 master: - #远程 - url: jdbc:mysql://192.167.2.56:3306/ying_ji?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=UTC + #公司远程 + url: jdbc:mysql://39.101.188.84:3307/ying_ji?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8 username: root - password: Jichuang@2023 + password: Admin123@ + #本地 +# url: jdbc:mysql://localhost:3306/ying_ji?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8 +# username: root +# password: 123456 + #远程 +# url: jdbc:mysql://192.167.2.56:3306/ying_ji?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=UTC +# username: root +# password: Jichuang@2023 # 从库数据源 slave: # 从数据源开关/默认关闭 diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml index 9979c38..951efa6 100644 --- a/ruoyi-admin/src/main/resources/application.yml +++ b/ruoyi-admin/src/main/resources/application.yml @@ -59,7 +59,7 @@ spring: # 国际化资源文件路径 basename: i18n/messages profiles: - active: druid + active: internet # 文件上传 servlet: multipart: @@ -125,6 +125,11 @@ pagehelper: # Swagger配置 knife4j: enable: true + production: true + basic: + enable": false + username: yingji + password: Yingji@123. # 防止XSS攻击 diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/AddResponseHeaderFilter.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/AddResponseHeaderFilter.java new file mode 100644 index 0000000..598d790 --- /dev/null +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/AddResponseHeaderFilter.java @@ -0,0 +1,39 @@ +package com.ruoyi.framework.config; + +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +/** + * 过滤器添加响应头 + * + * @author wu + * @since 2024/7/29 下午2:51 + */ +@Component +public class AddResponseHeaderFilter extends OncePerRequestFilter { + /** + * Same contract as for {@code doFilter}, but guaranteed to be + * just invoked once per request within a single request thread. + * See {@link #shouldNotFilterAsyncDispatch()} for details. + *

Provides HttpServletRequest and HttpServletResponse arguments instead of the + * default ServletRequest and ServletResponse ones. + * + * @param request 请求 + * @param response 响应 + * @param filterChain 过滤器 + */ + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + response.addHeader("X-Frame-Options", "DENY"); + response.addHeader("Strict-Transport-Security", "max-age = 16070400"); + response.addHeader("X-XSS-Protection", "1;mode=block"); + response.addHeader("X-Content-Type-Options", "nosniff"); + filterChain.doFilter(request, response); + } +}