From 96245cf82dffb2ab865fbf67951903fe4e5cd232 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?=
 <15040126243@163.com>
Date: Wed, 11 Dec 2024 14:01:03 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20xss=20=E5=A4=84?=
 =?UTF-8?q?=E7=90=86=E5=99=A8=20=E4=BB=8Egateway=E8=8E=B7=E5=8F=96?=
 =?UTF-8?q?=E8=BD=AC=E5=8F=91=E8=B7=AF=E5=BE=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/org/dromara/common/web/filter/XssFilter.java  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
index a1bbd296..6571deaf 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssFilter.java
@@ -3,6 +3,7 @@ package org.dromara.common.web.filter;
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.dromara.common.core.utils.ServletUtils;
 import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.web.config.properties.XssProperties;
@@ -26,12 +27,13 @@ public class XssFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
         XssProperties properties = SpringUtils.getBean(XssProperties.class);
-        String appName = SpringUtils.getApplicationName();
-        String appPath = "/" + StringUtils.substring(appName, appName.indexOf("-") + 1);
+        HttpServletRequest request = ServletUtils.getRequest();
+        // 从请求头获取gateway转发的服务前缀
+        String prefix = StringUtils.blankToDefault(request.getHeader("X-Forwarded-Prefix"), "");
         List<String> excludeUrls = properties.getExcludeUrls()
             .stream()
-            .filter(x -> StringUtils.startsWith(x, appPath))
-            .map(x -> x.replaceFirst(appPath, StringUtils.EMPTY))
+            .filter(x -> StringUtils.startsWith(x, prefix))
+            .map(x -> x.replaceFirst(prefix, StringUtils.EMPTY))
             .toList();
         excludes.addAll(excludeUrls);
     }