优化csrf名称，防止nginx代理无法识别问题(IC5B9C)

2025-05-12 11:47:26 +08:00 · 2025-05-12 11:47:26 +08:00 · 2b8d00b756
parent b03b9736f5
commit 2b8d00b756
7 changed files with 15 additions and 10 deletions
--- a/ruoyi-admin/src/main/resources/static/ajax/libs/bootstrap-fileinput/fileinput.js
+++ b/ruoyi-admin/src/main/resources/static/ajax/libs/bootstrap-fileinput/fileinput.js
@ -6450,7 +6450,7 @@
        textEncoding: 'UTF-8',
        preProcessUpload: null,
        ajaxSettings: { headers: {
-            "csrf_token": document.querySelector('meta[name="csrf-token"]').content
+            "X-CSRF-Token": document.querySelector('meta[name="csrf-token"]').content
        }},
        ajaxDeleteSettings: {},
        showAjaxErrorDetails: true,
--- a/ruoyi-admin/src/main/resources/static/ajax/libs/bootstrap-fileinput/fileinput.min.js
+++ b/ruoyi-admin/src/main/resources/static/ajax/libs/bootstrap-fileinput/fileinput.min.js
--- a/ruoyi-admin/src/main/resources/static/ruoyi/js/common.js
+++ b/ruoyi-admin/src/main/resources/static/ruoyi/js/common.js
@ -576,7 +576,7 @@ $.ajaxSetup({
    beforeSend: function (xhr, settings) {
        var csrftoken = $('meta[name=csrf-token]').attr('content')
        if (($.common.equalsIgnoreCase(settings.type, "POST"))) {
-            xhr.setRequestHeader("csrf_token", csrftoken)
+            xhr.setRequestHeader("X-CSRF-Token", csrftoken)
        }
    },
    complete: function(XMLHttpRequest, textStatus) {
--- a/ruoyi-admin/src/main/resources/static/ruoyi/js/ry-ui.js
+++ b/ruoyi-admin/src/main/resources/static/ruoyi/js/ry-ui.js
@ -1053,7 +1053,7 @@ var table = {
                    beforeSend: function (xhr, settings) {
                        var csrftoken = $('meta[name=csrf-token]').attr('content');
                        if ($.common.equalsIgnoreCase(settings.type, "POST")) {
-                            xhr.setRequestHeader("csrf_token", csrftoken);
+                            xhr.setRequestHeader("X-CSRF-Token", csrftoken);
                        }
                        $.modal.loading("正在处理中，请稍候...");
                    },
@ -1237,7 +1237,7 @@ var table = {
                    beforeSend: function (xhr, settings) {
                        var csrftoken = $('meta[name=csrf-token]').attr('content');
                        if (($.common.equalsIgnoreCase(settings.type, "POST"))) {
-                            xhr.setRequestHeader("csrf_token", csrftoken);
+                            xhr.setRequestHeader("X-CSRF-Token", csrftoken);
                        }
                        $.modal.loading("正在处理中，请稍候...");
                        $.modal.disable();
@ -1261,7 +1261,7 @@ var table = {
                    beforeSend: function (xhr, settings) {
                        var csrftoken = $('meta[name=csrf-token]').attr('content');
                        if (($.common.equalsIgnoreCase(settings.type, "POST"))) {
-                            xhr.setRequestHeader("csrf_token", csrftoken);
+                            xhr.setRequestHeader("X-CSRF-Token", csrftoken);
                        }
                        $.modal.loading("正在处理中，请稍候...");
                    },
@ -1291,7 +1291,7 @@ var table = {
                    beforeSend: function (xhr, settings) {
                        var csrftoken = $('meta[name=csrf-token]').attr('content');
                        if (($.common.equalsIgnoreCase(settings.type, "POST"))) {
-                            xhr.setRequestHeader("csrf_token", csrftoken);
+                            xhr.setRequestHeader("X-CSRF-Token", csrftoken);
                        }
                        $.modal.loading("正在处理中，请稍候...");
                    },
--- a/ruoyi-admin/src/main/resources/templates/lock.html
+++ b/ruoyi-admin/src/main/resources/templates/lock.html
@ -97,7 +97,7 @@
            data: { password: password },
            beforeSend: function(xhr) {
            	var csrftoken = $('meta[name=csrf-token]').attr('content');
-                xhr.setRequestHeader("csrf_token", csrftoken);
+                xhr.setRequestHeader("X-CSRF-Token", csrftoken);
            	index = layer.load(2, {shade: false});
            },
            success: function(result) {
--- a/ruoyi-common/src/main/java/com/ruoyi/common/constant/ShiroConstants.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/constant/ShiroConstants.java
@ -33,10 +33,15 @@ public class ShiroConstants
    public static final String ERROR = "errorMsg";
    /**
-     * csrf key
+     * csrf meta content
     */
    public static final String CSRF_TOKEN = "csrf_token";
    /**
     * csrf request header
     */
    public static final String X_CSRF_TOKEN = "X-CSRF-Token";
    /**
     * 当前在线会话
     */
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/csrf/CsrfValidateFilter.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/web/filter/csrf/CsrfValidateFilter.java
@ -37,7 +37,7 @@ public class CsrfValidateFilter extends AccessControlFilter
        {
            return true;
        }
-        return validateResponse(httpServletRequest, httpServletRequest.getHeader(ShiroConstants.CSRF_TOKEN));
+        return validateResponse(httpServletRequest, httpServletRequest.getHeader(ShiroConstants.X_CSRF_TOKEN));
    }
    public boolean validateResponse(HttpServletRequest request, String requestToken)