更新xss

src/main/java/cn/stylefeng/guns/config/web/WebConfig.java

@@ -42,7 +42,6 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 
-import java.util.Arrays;
 import java.util.Properties;
 import java.util.Properties;
 
 
 import static cn.stylefeng.guns.core.common.constant.Const.NONE_PERMISSION_RES;
 import static cn.stylefeng.guns.core.common.constant.Const.NONE_PERMISSION_RES;
@@ -162,7 +161,8 @@ public class WebConfig implements WebMvcConfigurer {
     @Bean
     @Bean
     public FilterRegistrationBean xssFilterRegistration() {
     public FilterRegistrationBean xssFilterRegistration() {
         XssFilter xssFilter = new XssFilter();
         XssFilter xssFilter = new XssFilter();
-        xssFilter.setUrlExclusion(Arrays.asList("/notice/update", "/notice/add"));
+        // 这里可以加不被xss过滤的接口
+        // xssFilter.setUrlExclusion(Arrays.asList("/notice/update", "/notice/add"));
         FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
         FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
         registration.addUrlPatterns("/*");
         registration.addUrlPatterns("/*");
         return registration;
         return registration;