manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增允许重定向的地址限定,不设置为全部允许,设置this只允许本项目内部跳转,多个用逗号隔开,例如:this,http://*.jeesite.com

Browse Source
This commit is contained in:
thinkgem
2022-12-23 13:54:24 +08:00
parent a30f1d51c4
commit a22a91c482
3 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/core/src/main/resources/config/jeesite-core.yml
View File

@@ -399,6 +399,9 @@ shiro:
# 允许的网站来源地址,不设置为全部地址(避免一些跨站点请求伪造 CSRF、防盗链
#allowReferers: http://127.0.0.1,http://localhost
# 允许重定向的地址不设置为全部允许设置this只允许本项目内部跳转多个用逗号隔开例如this,http://*.jeesite.com
#allowRedirects: ~
# 是否在登录后生成新的Session默认false
isGenerateNewSessionAfterLogin: false