manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增允许的网站来源地址指定参数 shiro.allowReferers 避免一些跨站点请求伪造CSRF

Browse Source
This commit is contained in:
thinkgem
2019-05-23 18:15:11 +08:00
parent 0eda12d31e
commit b5d1d30281
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/core/src/main/resources/config/jeesite-core.yml
View File

@@ -351,6 +351,10 @@ shiro:
# 是否允许接收跨域的Cookie凭证数据
# accessControlAllowCredentials: true
# 允许的网站来源地址不设置为全部地址避免一些跨站点请求伪造CSRF
# allowReferers: http://127.0.0.1,http://localhost
# allowReferers: ~
# 是否在登录后生成新的Session默认false
isGenerateNewSessionAfterLogin: false