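/**
 * Referer-based CSRF helper: decides whether a request's {@code Referer} header
 * points at a host that is allowed to submit requests to this application.
 *
 * <p>The comparison is an exact, case-insensitive match on the host component only.
 * Scheme and port are not examined, so this check should be treated as one layer
 * next to a per-session anti-CSRF token rather than as the only defence.
 */
public class CSRFUtil {

    /**
     * Checks the host of {@code referer} against the allow-list, which consists of
     * {@code local} plus the hard-coded entry {@code "xx.com"}.
     *
     * <p>The method fails closed: a missing or empty referer, a missing or empty
     * local host, a referer that does not parse as a URI, and a referer without a
     * host component (relative or opaque URIs) are all rejected.
     *
     * @param local   host name of this application as the caller knows it
     * @param referer raw value of the request's {@code Referer} header; untrusted input
     * @return {@code true} only when the referer's host equals an allow-listed host
     */
    public static boolean validCsrfAddress(String local, String referer) {
        if (referer == null || referer.isEmpty()) {
            return false;
        }
        if (local == null || local.isEmpty()) {
            return false;
        }

        // NOTE(review): "xx.com" looks like a placeholder left in the allow-list;
        // confirm it is a host you actually trust before deploying.
        String[] whiteList = {local, "xx.com"};

        // Drop the query string before parsing: browsers may send characters there
        // that java.net.URI rejects, and the query is irrelevant to the host check.
        int queryStart = referer.indexOf('?');
        String withoutQuery = queryStart >= 0 ? referer.substring(0, queryStart) : referer;

        URI referUri;
        try {
            referUri = new URI(withoutQuery);
        } catch (URISyntaxException e) {
            return false;
        }

        // getHost() returns null for relative references ("/path") and opaque URIs
        // ("mailto:..."). Reject them instead of failing with a NullPointerException.
        String host = referUri.getHost();
        if (host == null) {
            return false;
        }

        // Locale.ROOT keeps the case folding independent of the server's default locale.
        String domain = host.toLowerCase(java.util.Locale.ROOT);
        for (String allowed : whiteList) {
            // Exact equality on purpose: substring or suffix matching would also accept
            // look-alike hosts that merely contain an allow-listed name.
            if (allowed.toLowerCase(java.util.Locale.ROOT).equals(domain)) {
                return true;
            }
        }
        return false;
    }
}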