From 7138e02aa1ba2991be2408331ceeb04ee76eab18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?=
 <15040126243@163.com>
Date: Wed, 25 Dec 2024 14:53:31 +0800
Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20=E6=9C=AA=E5=BC=80?=
 =?UTF-8?q?=E5=90=AFsse=20=E6=89=BE=E4=B8=8D=E5=88=B0bean=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../dromara/common/web/filter/XssFilter.java  | 26 +++++++------------
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
index 7f7b4de8..8a943330 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
@@ -1,6 +1,5 @@
 package org.dromara.common.web.filter;
 
-import cn.hutool.core.collection.CollUtil;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -10,7 +9,6 @@ import org.dromara.common.web.config.properties.XssProperties;
 import org.springframework.http.HttpMethod;
 
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.List;
 
 /**
@@ -19,10 +17,6 @@ import java.util.List;
  * @author ruoyi
  */
 public class XssFilter implements Filter {
-    /**
-     * 排除链接
-     */
-    public List<String> excludes = new ArrayList<>();
 
     @Override
     public void init(FilterConfig filterConfig) {
@@ -48,17 +42,15 @@ public class XssFilter implements Filter {
         if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method)) {
             return true;
         }
-        if (CollUtil.isEmpty(excludes)) {
-            XssProperties properties = SpringUtils.getBean(XssProperties.class);
-            // 从请求头获取gateway转发的服务前缀
-            String prefix = StringUtils.blankToDefault(request.getHeader("X-Forwarded-Prefix"), "");
-            List<String> excludeUrls = properties.getExcludeUrls().stream()
-                .filter(x -> StringUtils.startsWith(x, prefix))
-                .map(x -> x.replaceFirst(prefix, StringUtils.EMPTY))
-                .toList();
-            excludes.addAll(excludeUrls);
-        }
-        return StringUtils.matches(url, excludes);
+        // 每次都获取处理 支持nacos热更配置
+        XssProperties properties = SpringUtils.getBean(XssProperties.class);
+        String prefix = StringUtils.blankToDefault(request.getHeader("X-Forwarded-Prefix"), "");
+        // 从请求头获取gateway转发的服务前缀
+        List<String> excludeUrls = properties.getExcludeUrls().stream()
+            .filter(x -> StringUtils.startsWith(x, prefix))
+            .map(x -> x.replaceFirst(prefix, StringUtils.EMPTY))
+            .toList();
+        return StringUtils.matches(url, excludeUrls);
     }
 
     @Override