UEditor与CORS共用时,谷歌浏览器中无法上传图片的问题

场景

之前在一个项目中引入了UEditor富文本编辑器,并且正常使用了一段时间,但是在一次安全漏洞升级之后,UEditor突然出现上传图片失败的问题,并且经过多个浏览器测试后,火狐与IE均可进行上传,但在谷歌中,上传图片的jsp请求返回403异常,请求被服务器拒绝了


UEditor与CORS共用时,谷歌浏览器中无法上传图片的问题_第1张图片
请求返回状态异常

原因

根本原因是由于UEditor上传图片的请求中请求头中Origin没有带值而被CORS拦截导致


UEditor与CORS共用时,谷歌浏览器中无法上传图片的问题_第2张图片
Origin请求头缺少参数

解决

这里可能与UEditor内部提交表单的设值有关,我最后是决定从后端解决,在请求进入CORS拦截校验之前,补全Origin请求头


UEditor与CORS共用时,谷歌浏览器中无法上传图片的问题_第3张图片
web.xml配置

*注:这里配置的UEDITOR filter mapping需要在CORS之前

代码

UeditorRequestFilter
package com.thinkive.sj1.cloudinvest.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;

import com.thinkive.sj1.cloudinvest.interceptor.CheckUserInferInterceptor;

public class UeditorRequestFilter implements Filter
{
    
    private static Logger           logger           = Logger.getLogger(UeditorRequestFilter.class);
    @Override
    public void init(FilterConfig filterConfig) throws ServletException
    {
        // TODO Auto-generated method stub
        
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException
    {
        logger.info("进入ueditorFilter拦截");
        HttpServletRequest hreq = (HttpServletRequest)request;
        String action = hreq.getParameter("action");
        logger.info("参数action:"+action);
        MyServletRequestWrapper httpReq = new MyServletRequestWrapper(((HttpServletRequest)request));
        if(action.equals("uploadimage")){
            String url = hreq.getScheme()+"://"+ hreq.getServerName();
            httpReq.addHeader("Origin", url);
            String o = httpReq.getHeader("Origin");
            logger.info("设置的Origin:"+o);
        }
        chain.doFilter(httpReq, response);
    }

    @Override
    public void destroy()
    {
        // TODO Auto-generated method stub
        
    }
    
}

在拦截器中我们包装了HttpServletRequest的封装类HttpServletRequestWrapper来操作request请求头

HttpServletRequestWrapper
package com.thinkive.sj1.cloudinvest.filter;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class MyServletRequestWrapper extends HttpServletRequestWrapper{

    private Map headerMap;
    
    public void addHeader(String name, String value){
        headerMap.put(name, new String(value));
    }
    
    public MyServletRequestWrapper(HttpServletRequest request){
        super(request);
        headerMap = new HashMap();
    }
    
    public Enumeration getHeaderNames(){
        HttpServletRequest request = (HttpServletRequest)getRequest();
        List list = new ArrayList();
        for( Enumeration e = request.getHeaderNames() ;  e.hasMoreElements() ; )
            list.add(e.nextElement().toString());
        for( Iterator i = headerMap.keySet().iterator() ; i.hasNext() ; ){
            list.add(i.next());
        }
        return Collections.enumeration(list);
    }
    public String getHeader(String name){
        Object value;
        if((value = headerMap.get(""+name)) != null)
            return value.toString();
        else
            return ((HttpServletRequest)getRequest()).getHeader(name);
    }
}

你可能感兴趣的:(UEditor与CORS共用时,谷歌浏览器中无法上传图片的问题)