新增CSRF防护功能

2025-12-23 03:07:11 +00:00 · 2025-04-15 17:01:38 +08:00
parent 922a9a5726
commit d42697cb94
11 changed files with 175 additions and 9 deletions
--- a/ruoyi-admin/src/main/resources/templates/include.html
+++ b/ruoyi-admin/src/main/resources/templates/include.html
@@ -5,6 +5,7 @@
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="keywords" content="">
 	<meta name="description" content="">
+	<meta th:content="${session.csrf_token}" name="csrf-token"/>
 	<title th:text="${title}"></title>
 	<link th:href="@{/css/bootstrap.min.css?v=3.3.7}" rel="stylesheet"/>
 	<link th:href="@{/css/font-awesome.min.css?v=4.7.0}" rel="stylesheet"/>
--- a/ruoyi-admin/src/main/resources/templates/lock.html
+++ b/ruoyi-admin/src/main/resources/templates/lock.html
@@ -3,6 +3,7 @@
 <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta th:content="${session.csrf_token}" name="csrf-token"/>
    <!--360浏览器优先以webkit内核解析-->
    <title>锁定屏幕</title>
    <link th:href="@{favicon.ico}" rel="shortcut icon"/>
@@ -94,7 +95,9 @@
            type: "post",
            dataType: "json",
            data: { password: password },
-            beforeSend: function() {
+            beforeSend: function(xhr) {
+            	var csrftoken = $('meta[name=csrf-token]').attr('content');
+                xhr.setRequestHeader("csrf_token", csrftoken);
            	index = layer.load(2, {shade: false});
            },
            success: function(result) {