fix(security): 修复 P0 安全漏洞 (Session越权+CORS白名单+用户名枚举)

2026-05-21 16:12:54 +08:00
parent 702d4ee1fe
commit 380cc24913
7 changed files with 161 additions and 15 deletions
@@ -158,7 +158,7 @@ func main() {
    r := gin.New()

    // 中间件
-    r.Use(middleware.CORS())
+    r.Use(middleware.CORS(cfg.AllowedOrigins))
    r.Use(middleware.RequestLogging())
    r.Use(gin.Recovery())