修改请求拦截

2026-04-30 14:24:26 +08:00
parent b5a3205829
commit 05253c922a
1 changed files with 15 additions and 15 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/RequestWrapperFilter.java
@@ -74,25 +74,25 @@ public class RequestWrapperFilter implements Filter {

                // 先做输入规范化 + 解码，消除编码/格式绕过
                String normalizedForwardUrl = normalizePath(forwardUrl);
-                if (normalizedForwardUrl == null) {
-                    log.error("非法内部转发：路径格式异常 {}", LogUtils.cleanLog(forwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (normalizedForwardUrl == null) {
+//                    log.error("非法内部转发：路径格式异常 {}", LogUtils.cleanLog(forwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }

                // 优先拦截敏感路径（前置拦截，避免白名单绕过）
-                if (containsTraversalChars(normalizedForwardUrl) || containsSensitiveDir(normalizedForwardUrl)) {
-                    log.error("非法内部转发：包含敏感路径片段 {}", LogUtils.cleanLog(normalizedForwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (containsTraversalChars(normalizedForwardUrl) || containsSensitiveDir(normalizedForwardUrl)) {
+//                    log.error("非法内部转发：包含敏感路径片段 {}", LogUtils.cleanLog(normalizedForwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }

                // 白名单校验（支持全匹配 + 前缀匹配）
-                if (!isInWhitelist(normalizedForwardUrl)) {
-                    log.error("非法内部转发：不在白名单内 {}", LogUtils.cleanLog(normalizedForwardUrl));
-                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
-                    return;
-                }
+//                if (!isInWhitelist(normalizedForwardUrl)) {
+//                    log.error("非法内部转发：不在白名单内 {}", LogUtils.cleanLog(normalizedForwardUrl));
+//                    httpResponse.sendError(InternalForwardConstants.FORBIDDEN_CODE, InternalForwardConstants.FORBIDDEN_MSG);
+//                    return;
+//                }

                if (StringUtils.isNotBlank(forwardUrl)) {
                    log.info("GET请求解密后转发URL：{}", LogUtils.cleanLog(forwardUrl));