
调试环境下注释掉安全请求头配置。

yangzhijie1488@163.com 3 jaren geleden
bovenliggende
commit
0f02e7e578
1 gewijzigde bestanden met toevoegingen van 46 en 53 verwijderingen
  1. 46 53
      src/main/resources/Application.yml

+ 46 - 53
src/main/resources/Application.yml

@@ -19,13 +19,6 @@ server:
     enabled: true
     mime-types: application/json,application/xml,text/html,text/xml,text/plain,application/javascript,text/css,font/woff2
 
-
-
-
-
-
-
-
 spring:
   # 修改文件上传大小的限制
   servlet:
@@ -38,21 +31,21 @@ spring:
   cloud:
     gateway:
       globalcors:
-        cors-configurations:
-          '[/**]':
-            # 允许向该服务器提交请求的URI
-            allowedOrigins:
-              - 'u.leanwo.com'
-              - 'uat.leanwo.com'
-            # 允许跨域的方法
-            allowedMethods:
-              - GET
-              - POST
-              - DELETE
-              - PUT
-              - HEAD
-            # 预检请求的缓存时间(秒),即在这个时间段里对于相同的跨域请求不会再预检
-            maxAge: 180
+        # cors-configurations:
+        #   '[/**]':
+        #     # 允许向该服务器提交请求的URI
+        #     allowedOrigins:
+        #       - 'u.leanwo.com'
+        #       - 'uat.leanwo.com'
+        #     # 允许跨域的方法
+        #     allowedMethods:
+        #       - GET
+        #       - POST
+        #       - DELETE
+        #       - PUT
+        #       - HEAD
+        #     # 预检请求的缓存时间(秒),即在这个时间段里对于相同的跨域请求不会再预检
+        #     maxAge: 180
       discovery:
         locator:
           enabled: true
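Review bot: The commit title limits this to the debug environment, but the edit lands in the shared `src/main/resources/Application.yml`. Unless another config source overrides it, the CORS allowlist here and the response-header filters in the next hunk are switched off for every deployment built from this file. Putting the debug-only relaxation in a profile-specific file (for example `application-dev.yml`) would leave the hardened defaults in place. Commenting out the whole block also leaves `globalcors:` as a bare key with no value, so comment out that line too. If the block is restored later, note that `'u.leanwo.com'` and `'uat.leanwo.com'` carry no scheme, while a browser `Origin` header always does, so they would likely need to be `https://u.leanwo.com` and `https://uat.leanwo.com` to match.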
@@ -62,56 +55,56 @@ spring:
           predicates:
             - Path=/api/**,/druid/**,/rest-api/**,/WebSocket/**,/workflow-app/**,/workflow-prodog/**,/workflow-system/**
           filters:
-            - SetResponseHeader=Referrer-Policy, origin
-            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
-            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
-            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
-            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
-            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Referrer-Policy, origin
+            # - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            # - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            # - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            # - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            # - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         - id: auth_server
           uri: lb://auth-server
           predicates:
             - Path=/authApi/**
           filters:
-            - SetResponseHeader=Referrer-Policy, origin
-            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
-            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
-            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
-            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
-            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Referrer-Policy, origin
+            # - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            # - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            # - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            # - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            # - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         - id: dingtalk_server
           uri: lb://dingtalk-server
           predicates:
             - Path=/dingTalkApi/**
           filters:
             - StripPrefix=1      
-            - SetResponseHeader=Referrer-Policy, origin
-            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
-            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
-            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
-            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
-            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Referrer-Policy, origin
+            # - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            # - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            # - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            # - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            # - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         - id: gateway_server
           uri: lb:http://gateway-server
           predicates:
             - Path=/gateway-api/**
           filters:
-            - SetResponseHeader=Referrer-Policy, origin
-            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
-            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
-            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
-            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
-            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Referrer-Policy, origin
+            # - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            # - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            # - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            # - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            # - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
         # 文件服务器
         - id: file_server
           uri: lb://file-server
           predicates:
             - Path=/**
           filters:
-            - SetResponseHeader=Referrer-Policy, origin
-            - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
-            - SetResponseHeader=X-Frame-Options, SAMEORIGIN
-            - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
-            - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
-            - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
-            - SetResponseHeader=Allow,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Referrer-Policy, origin
+            # - SetResponseHeader=Strict-Transport-Security, max-age=631138519; preload
+            # - SetResponseHeader=X-Frame-Options, SAMEORIGIN
+            # - SetResponseHeader=Content-Security-Policy, object-src https://u.leanwo.com https://uat.leanwo.com
+            # - SetResponseHeader=X-XSS-Protection, 1 ; mode=block
+            # - SetResponseHeader=Access-Control-Allow-Methods,'GET, POST, PUT, DELETE, HEAD'
+            # - SetResponseHeader=Allow,'GET, POST, PUT, DELETE, HEAD'
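Review bot: After this hunk no route sets `Strict-Transport-Security`, `X-Frame-Options` or `Content-Security-Policy`. Four of the five routes (the first one, whose `id` is above the hunk, plus `auth_server`, `gateway_server` and `file_server`) are left with a `filters:` key that has only comments beneath it. How the gateway binds that empty value is not visible here; removing the empty `filters:` keys avoids depending on it. The same six `SetResponseHeader` lines were repeated per route, which is why disabling them touched five places. Declaring them once under `spring.cloud.gateway.default-filters` in the non-debug profile, e.g. `- SetResponseHeader=X-Frame-Options, SAMEORIGIN`, would let a debug profile omit them without editing each route and would make an accidental release without them easier to spot in review.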