白名单添加

2025-10-26 13:16:27 +08:00
parent 1f2a56dd37
commit a16e4ca761
2 changed files with 7 additions and 1 deletions
--- a/vetti-admin/target/classes/application.yml
+++ b/vetti-admin/target/classes/application.yml
@@ -70,6 +70,10 @@ swagger:
  pathMapping: /prod-api
 #################################### Swagger end ###################################

+server:
+  error:
+    include-stacktrace: never  # 永不输出 trace 信息
+
 # 防止XSS攻击
 xss:
  # 过滤开关
--- a/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
+++ b/vetti-framework/src/main/java/com/vetti/framework/config/SecurityConfig.java
@@ -111,7 +111,9 @@ public class SecurityConfig
            .authorizeHttpRequests((requests) -> {
                permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
-                requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**","/voice-websocket/**").permitAll()
+                requests.antMatchers("/login", "/register", "/captchaImage","/aiCommon/**",
+                                "/voice-websocket/**","/verification/email/send","/verification/email/verify","/verification/phone/send",
+                                "/forgotPassword").permitAll()
                    // 静态资源，可匿名访问
                    .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                    .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()