Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

通用登录生成的特殊链接,通过iframe的方式嵌入,会自动跳到登录页面,请教大神们怎样处理?翻遍了整个issues,也没找到答案! #2218

Open
lvreninfo opened this issue Jun 20, 2024 · 3 comments
Open

通用登录生成的特殊链接,通过iframe的方式嵌入,会自动跳到登录页面,请教大神们怎样处理?翻遍了整个issues,也没找到答案! #2218

lvreninfo opened this issue Jun 20, 2024 · 3 comments

Comments

@lvreninfo
Copy link

通用登录生成的特殊链接,通过iframe的方式嵌入打开,会自动跳到登录页面,请教大神们怎样处理??
翻遍了整个issues,也没找到答案!

showdoc.vue

<template>
   <iframe :src="iframeSrc" class="showdoc_iframe" frameborder="0" /> 
</template>

   <script lang="ts" setup>
    import md5 from 'js-md5'
  
    const host = 'http://192.168.8.20:7001'
    const timeStamp = Date.now() * 1000
    const username = 'jyp'
  
    const redirect = encodeURIComponent('http://192.168.8.20:7001/web/#/item/index')
    const LoginSecretKey = 'e2de81cfd831bc68bd1aba74cf1fc368'
    const token = md5(`${username}${LoginSecretKey}${timeStamp}`)
  
    const iframeSrc = `${host}/server/?s=/api/extLogin/bySecretKey&username=${username}&time=${timeStamp}&token=${token}&redirect=${redirect}`

 </script>

当你直接访问通过浏览器地址栏访问 iframeSrc 地址,是正常登录并跳转了!通过iframe就会自动跳到登录页面
@star7th
Copy link
Owner

star7th commented Jun 20, 2024

不清楚。不打算支持这种方式。这种方式可能会引起安全问题。

@suyuanlin
Copy link

不清楚。不打算支持这种方式。这种方式可能会引起安全问题。

大佬,有解决方案吗?可以设置md5是一次性的,每次都是新的md5,这样安全又上升了一个台阶

@star7th
Copy link
Owner

star7th commented Aug 16, 2024

没有解决方案。MD5不解决问题。只要暴露到前端,就是不安全

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@star7th @suyuanlin @lvreninfo