xss加入配置文件

2018-08-13 21:40:50 +08:00
parent e8eaeadbb0
commit f67d7179cd
7 changed files with 43 additions and 25 deletions
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -40,6 +40,7 @@ spring:
  thymeleaf:
    mode: HTML
    encoding: utf-8
+    # 禁用缓存
    cache: false
  messages:
    #国际化资源文件路径
@ -82,7 +83,7 @@ shiro:
    # 首页地址
    indexUrl: /index
    # 验证码开关
-    captchaEbabled: true
+    captchaEnabled: true
    # 验证码类型 math 数组计算 char 字符
    captchaType: math
  cookie:
@ -101,6 +102,14 @@ shiro:
    dbSyncPeriod: 1
    # 相隔多久检查一次session的有效性，默认就是10分钟
    validationInterval: 10
+# 防止XSS攻击
+xss: 
+  # 过滤开关
+  enabled: true
+  # 排除链接（多个用逗号分隔）
+  excludes: /system/notice/*
+  # 匹配链接
+  urlPatterns: /system/*,/monitor/*,/tool/*
 # 代码生成
 gen: 
  # 作者
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@ -50,7 +50,7 @@
                    <p class="m-t-md">你若不离不弃，我必生死相依</p>
                    <input type="text"     name="username" class="form-control uname"     placeholder="用户名" value="admin"    />
                    <input type="password" name="password" class="form-control pword m-b" placeholder="密码"   value="admin123" />
-					<div class="row" th:if="${captchaEbabled==true}">
+					<div class="row" th:if="${captchaEnabled==true}">
 						<div class="col-xs-6">
 						    <input type="text" name="validateCode" class="form-control code" placeholder="验证码" maxlength="5">
 						</div>