返回html时设置响应头

2025-11-11 23:30:44 +08:00 · 2025-11-11 23:30:44 +08:00 · f0143b1190
parent e68c8cd2ad
commit f0143b1190
4 changed files with 31 additions and 2 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/RuoYiApplication.java
@ -3,12 +3,14 @@ package com.ruoyi;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
+import org.springframework.boot.web.servlet.ServletComponentScan;

 /**
 * 启动程序
 * 
 * @author ruoyi
 */
+@ServletComponentScan("com.ruoyi.web")
@SpringBootApplication(exclude = { DataSourceAutoConfiguration.class })
 public class RuoYiApplication
 {
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java
@ -254,7 +254,6 @@ public class CommonController {
    @ApiOperation("获取html内容")
    @GetMapping("/html/content/{title}")
    public String getHtmlContent(@PathVariable("title") String title, HttpServletResponse response) {
-        response.setHeader("X-Frame-Options", "ALLOWALL");
        response.setHeader("Content-Security-Policy", "frame-ancestors *");
        return htmlService.getHtmlContent(title);
    }
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/filter/HtmlFilter.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/filter/HtmlFilter.java
@ -0,0 +1,21 @@
+package com.ruoyi.web.filter;
+
+import org.springframework.core.annotation.Order;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import java.io.IOException;
+
+/**
+ * @author liangyq
+ * @date 2025-11-11
+ */
+//@WebFilter(urlPatterns = "/rest/v1/common/html/content/*")
+@Order()
+public class HtmlFilter implements Filter {
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        chain.doFilter(request, response);
+    }
+}
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@ -1,5 +1,6 @@
 package com.ruoyi.framework.config;

+import cn.hutool.core.util.StrUtil;
 import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
 import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
 import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
@ -101,7 +102,13 @@ public class SecurityConfig
            .csrf(csrf -> csrf.disable())
            // 禁用HTTP响应标头
            .headers((headersCustomizer) -> {
-                headersCustomizer.cacheControl(cache -> cache.disable()).frameOptions(options -> options.sameOrigin());
+                headersCustomizer.cacheControl(cache -> cache.disable()).frameOptions(options -> options.sameOrigin())
+                        .addHeaderWriter((request, response) -> {
+                            // html接口响应头特殊处理
+                            if (StrUtil.startWith(request.getRequestURI(),"/rest/v1/common/html/content/")){
+                                response.setHeader("X-Frame-Options","ALLOWALL");
+                            }
+                        });
            })
            // 认证失败处理类
            .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler))