XSS过滤排除非json类型

ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/XssFilter.java

@@ -11,6 +11,7 @@ import org.springframework.core.io.buffer.DataBufferUtils;
 import org.springframework.core.io.buffer.NettyDataBufferFactory;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.stereotype.Component;
@@ -45,6 +46,11 @@ public class XssFilter implements GlobalFilter, Ordered
         {
             return chain.filter(exchange);
         }
+        // 非json类型，不过滤
+        if (!isJsonRequest(exchange))
+        {
+            return chain.filter(exchange);
+        }
         // excludeUrls 不过滤
         String url = request.getURI().getPath();
         if (StringUtils.matches(url, xss.getExcludeUrls()))
@@ -95,6 +101,17 @@ public class XssFilter implements GlobalFilter, Ordered
         return serverHttpRequestDecorator;
     }
 
+    /**
+     * 是否是Json请求
+     * 
+     * @param request
+     */
+    public boolean isJsonRequest(ServerWebExchange exchange)
+    {
+        String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
+        return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
+    }
+
     @Override
     public int getOrder()
     {