From 158d3f7044391cda93eb905122cac0d414bb6f40 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Sat, 15 May 2021 15:08:41 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0contentSecurityPolicy?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E5=A4=B4=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 modules/core/src/main/resources/config/jeesite-core.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/modules/core/src/main/resources/config/jeesite-core.yml b/modules/core/src/main/resources/config/jeesite-core.yml
index a2c211a1..861a0d85 100644
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -370,6 +370,9 @@ shiro:
 # 是否允许嵌入到外部网站iframe中(true:不限制,false:不允许)
 isAllowExternalSiteIframe: true

+ # 设定允许获取的资源列表(v4.2.3)
+ #contentSecurityPolicy: "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:"
+
 # 是否允许跨域访问 CORS,如果允许,设置允许的域名。当设置'*'号全部域名时,accessControlAllowCredentials应该设置为false。
 # v4.2.3 开始支持多个域名和模糊匹配,例如:http://*.jeesite.com,http://*.jeesite.net
 # accessControlAllowOrigin: http://demo.jeesite.com
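Review bot: The sample value on the added `#contentSecurityPolicy` line allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, so a deployment that uncomments it as written gets little protection against injected script from the policy. In `img-src` the same two keywords do nothing for images and could be dropped, leaving `img-src 'self' data:`. I would add a comment line above the example saying that the `script-src` keywords are a compatibility fallback to be tightened (nonces or hashes) where the front end allows, and that the header is presumably not sent at all while the line stays commented out. The enclosing `shiro:` mapping begins outside the hunk, so how the value is applied is not visible here.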