fix bug

Author: JoyChou93

src/main/java/org/joychou/security/jsonpFilter.java

@@ -32,27 +32,24 @@ public void init(FilterConfig filterConfig) throws ServletException {
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
             throws IOException, ServletException {
 
-
-        // If don't check referer, return.
-        if (!jsonpSwitch) {
-            return ;
-        }
-
         HttpServletRequest request = (HttpServletRequest) req;
         HttpServletResponse response = (HttpServletResponse) res;
 
         String refer = request.getHeader("referer");
         String referWhitelist[] = {"joychou.org", "joychou.com"};
 
-        // Check referer for all GET requests with callback parameters.
-        if (request.getMethod().equals("GET") && StringUtils.isNotBlank(request.getParameter("callback")) ){
-             // If the check of referer fails, a 403 forbidden error page will be returned.
-            if (!SecurityUtil.checkURLbyEndsWith(refer, referWhitelist)){
-                response.sendRedirect("https://test.joychou.org/error3.html");
-                return;
+        if (jsonpSwitch) {
+            // Check referer for all GET requests with callback parameters.
+            if (request.getMethod().equals("GET") && StringUtils.isNotBlank(request.getParameter("callback")) ){
+                // If the check of referer fails, a 403 forbidden error page will be returned.
+                if (!SecurityUtil.checkURLbyEndsWith(refer, referWhitelist)){
+                    response.sendRedirect("https://test.joychou.org/error3.html");
+                    return;
+                }
             }
         }
 
+
         filterChain.doFilter(req, res);
     }
 

src/main/resources/application.properties

@@ -4,5 +4,5 @@ management.security.enabled=false
 # logging.config=classpath:logback-online.xml
 
 # jsonp check referer switch
-org.joychou.security.jsonp = true
+org.joychou.security.jsonp = false
 org.joychou.security.csrf = false