Skip to content

更新 JQ为3.7.1 、添加静态授信htost、 美化报错页面、 新增 tgz 格式支持#732

Closed
gaoxingzaq wants to merge 9 commits intokekingcn:masterfrom
gaoxingzaq:master
Closed

更新 JQ为3.7.1 、添加静态授信htost、 美化报错页面、 新增 tgz 格式支持#732
gaoxingzaq wants to merge 9 commits intokekingcn:masterfrom
gaoxingzaq:master

Conversation

@gaoxingzaq
Copy link
Copy Markdown
Contributor

@gaoxingzaq gaoxingzaq commented Apr 11, 2026

No description provided.

gaoxingzaq
gaoxingzaq commented Apr 11, 2026
View reviewed changes
Comment thread server/src/main/resources/static/drawio/js/app.min.js
Copy link
Copy Markdown
Contributor Author

@gaoxingzaq gaoxingzaq Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

修改接入方法 支持file 参数

gaoxingzaq
gaoxingzaq commented Apr 11, 2026
View reviewed changes
Comment thread server/src/main/resources/static/xmind/xmind.js
Copy link
Copy Markdown
Contributor Author

@gaoxingzaq gaoxingzaq Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

取消 index.html 集成到内部 防止XSS

@klboke
Copy link
Copy Markdown
Contributor

klboke commented Apr 11, 2026

Code review summary

整体看下来,这个 PR 我建议先不要合并,当前至少有两个阻断问题:

  1. online3D.ftl 中 MODEL_URL 被声明为 const,但后面在代理分支里又重新赋值。
    这样在需要走 getCorsFile 代理时会直接抛出运行时错误,导致 3D 预览页脚本中断。

  2. ofd.ftl 中代理 URL 的变量写错了。
    代码里计算的是 finalOfdUrl,但 if 分支实际修改的是 url,后面 loadOfdFile(finalOfdUrl) 仍然会使用未代理的原始地址。
    这会导致需要代理/跨域的 OFD 文件加载失败,而且页面里还残留了 console.log("Hello, world!")。

另外还有一个建议关注的点:

  • online3D.ftl 里把 website 的静态资源路径写成了 /website/... 的根路径,若部署在非根 context-path 下,资源解析有风险,建议改回基于 baseUrl 或相对路径的方式。

我本地额外做了这些检查:

  • 拉下 PR 后阅读了 Java + 前端模板相关改动
  • 运行了 TrustHostFilterTests 和 WebUtilsTests,均通过

结论:建议修复上面两个功能性问题后再合并。

klboke
klboke reviewed Apr 11, 2026
View reviewed changes
Comment thread server/src/main/resources/web/online3D.ftl Outdated
const kkagent = '${kkagent}';
const baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/';
if (kkagent === 'true' || !MODEL_URL.startsWith(baseUrl)) {
MODEL_URL = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(MODEL_URL))+ "&key=${kkkey}";
Copy link
Copy Markdown
Contributor

@klboke klboke Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这里有一个明确的运行时问题:MODEL_URL 在上一行被声明为 const,但这里又重新赋值。只要命中这个代理分支,浏览器就会直接抛出 “Assignment to constant variable”,后面的 3D 预览初始化也会中断。建议改成 let MODEL_URL,或者引入新的 finalModelUrl 变量承接代理后的值。

klboke
klboke reviewed Apr 11, 2026
View reviewed changes
Comment thread server/src/main/resources/web/ofd.ftl
// ========== 整合后端变量,直接指定 OFD 文件地址 ==========
// 后端传入的原始 URL(可能未经过代理)
var rawUrl = '${finalUrl}';
var kkagent = '${kkagent}';
Copy link
Copy Markdown
Contributor

@klboke klboke Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这里更新错变量了:上面真正参与后续 loadOfdFile(...) 调用的是 finalOfdUrl,但这个分支里修改的是 url。结果是 finalOfdUrl 仍然保持原始地址,跨域/代理场景不会生效。建议这里改为 finalOfdUrl = baseUrl + 'getCorsFile?...',并顺手删掉后面的调试日志。

@gaoxingzaq
Copy link
Copy Markdown
Contributor Author

gaoxingzaq commented Apr 11, 2026

好的 已经修复了

@gaoxingzaq gaoxingzaq closed this Apr 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@klboke klboke klboke left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gaoxingzaq @klboke