From a16e4ca761f86fe982aeaaa455734363a5b8aa18 Mon Sep 17 00:00:00 2001
From: wangxiangshun
Date: Sun, 26 Oct 2025 13:16:27 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BD=E5=90=8D=E5=8D=95=E6=B7=BB=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 vetti-admin/target/classes/application.yml | 4 ++++
 .../main/java/com/vetti/framework/config/SecurityConfig.java | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/vetti-admin/target/classes/application.yml b/vetti-admin/target/classes/application.yml
index 92c58d2..971effa 100644
--- a/vetti-admin/target/classes/application.yml
+++ b/vetti-admin/target/classes/application.yml
@@ -70,6 +70,10 @@ swagger:
 pathMapping: /prod-api
 #################################### Swagger end ###################################
+server:
+ error:
+ include-stacktrace: never # 永不输出 trace 信息
+
 # 防止XSS攻击
 xss:
 # 过滤开关
diff --git a/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java b/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
index eaa7950..761ae61 100644
--- a/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
+++ b/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
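Review bot: In the `application.yml` hunk, `include-stacktrace: never` is added only to `vetti-admin/target/classes/application.yml`, which is build output; the diffstat lists no change under `src/main/resources`, so the setting is presumably overwritten on the next build and stack traces could again reach clients in error responses. Make the change in the source `application.yml` (and any profile-specific variants) and keep `target/` out of version control. If the file already has a top-level `server:` block above line 70 (not visible in this hunk), this second `server:` is a duplicate key that may fail to load or override the first, so `error:` should be merged into the existing block. It is also worth checking whether `server.error.include-message` should be restricted in the same place.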
@@ -111,7 +111,9 @@ public class SecurityConfig
 .authorizeHttpRequests((requests) -> {
 permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
 // 对于登录login 注册register 验证码captchaImage 允许匿名访问
- requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**","/voice-websocket/**").permitAll()
+ requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**",
+ "/voice-websocket/**","/verification/email/send","/verification/email/verify","/verification/phone/send",
+ "/forgotPassword").permitAll()
 // 静态资源,可匿名访问
 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
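Review bot: The four paths added to the anonymous list (`/verification/email/send`, `/verification/email/verify`, `/verification/phone/send`, `/forgotPassword`) are opened for every HTTP method, and nothing in this hunk shows throttling on them. Unauthenticated endpoints that send mail or SMS and check codes are a common source of message flooding, code guessing and account enumeration, so the handlers (not visible here) should enforce per-recipient and per-client rate limits, short-lived single-use codes, and the same response whether or not the account exists. If the handlers are POST-only, narrow the matcher the way the static-resource line below already does, chaining `.antMatchers(HttpMethod.POST, "/verification/email/send", "/verification/email/verify", "/verification/phone/send", "/forgotPassword").permitAll()` instead of adding them to the method-agnostic list. The comment above the call still names only login, register and captchaImage and should list the new routes. The lambda body starts and ends outside the hunk.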