From bc1c1dbfa7640856d57d6538056d7e98f43d1dbc Mon Sep 17 00:00:00 2001
From: ylwang <ylwang@makwing.com>
Date: Mon, 21 Nov 2022 08:58:44 +0000
Subject: [PATCH] =?UTF-8?q?=E6=AD=A4=E5=A4=84=E4=BF=AE=E6=94=B9=E6=9B=BE?=
 =?UTF-8?q?=E5=AF=BC=E8=87=B4=20nacos=E4=BF=AE=E6=94=B9xss=E5=BC=80?=
 =?UTF-8?q?=E5=85=B3=E6=97=B6=EF=BC=8Cspring=E5=AE=B9=E5=99=A8=E6=9C=AA?=
 =?UTF-8?q?=E9=87=8D=E5=90=AF=EF=BC=8Cfilter=E4=BB=8D=E8=B5=B7=E6=95=88?=
 =?UTF-8?q?=E3=80=82=E6=95=85=E5=A2=9E=E5=8A=A0=E5=8F=82=E6=95=B0=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=EF=BC=8C=E5=8F=82=E6=95=B0=E5=88=B7=E6=96=B0=E5=90=8E?=
 =?UTF-8?q?=EF=BC=8Cxss=E5=BC=80=E5=85=B3=E6=AD=A3=E5=B8=B8=E5=85=B3?=
 =?UTF-8?q?=E9=97=AD=E3=80=82=20=E6=AD=A4=E5=A4=84=E4=BF=AE=E6=94=B9?=
 =?UTF-8?q?=E6=9B=BE=E5=AF=BC=E8=87=B4=20nacos=E4=BF=AE=E6=94=B9xss?=
 =?UTF-8?q?=E5=BC=80=E5=85=B3=E6=97=B6=EF=BC=8Cspring=E5=AE=B9=E5=99=A8?=
 =?UTF-8?q?=E6=9C=AA=E9=87=8D=E5=90=AF=EF=BC=8Cfilter=E4=BB=8D=E8=B5=B7?=
 =?UTF-8?q?=E6=95=88=E3=80=82=E6=95=85=E5=A2=9E=E5=8A=A0=E5=8F=82=E6=95=B0?=
 =?UTF-8?q?=E5=88=A4=E6=96=AD=EF=BC=8C=E5=8F=82=E6=95=B0=E5=88=B7=E6=96=B0?=
 =?UTF-8?q?=E5=90=8E=EF=BC=8Cxss=E5=BC=80=E5=85=B3=E6=AD=A3=E5=B8=B8?=
 =?UTF-8?q?=E5=85=B3=E9=97=AD=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: ylwang <ylwang@makwing.com>
---
 .../src/main/java/com/ruoyi/gateway/filter/XssFilter.java     | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
index bc93e3a..76792ee 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java
@@ -42,6 +42,10 @@ public class XssFilter implements GlobalFilter, Ordered
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
     {
         ServerHttpRequest request = exchange.getRequest();
+        // xss开关未开启 或 通过nacos关闭，不过滤
+        if(!xss.getEnabled()){
+            return chain.filter(exchange);
+        }
         // GET DELETE 不过滤
         HttpMethod method = request.getMethod();
         if (method == null || method == HttpMethod.GET || method == HttpMethod.DELETE)