From cb59082bad17508f7e9355d8b9605022dde8e399 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?=
 <15040126243@163.com>
Date: Mon, 31 Jul 2023 09:54:48 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E5=85=BC?=
 =?UTF-8?q?=E5=AE=B9=20clientid=20=E9=80=9A=E8=BF=87=20param=20=E4=BC=A0?=
 =?UTF-8?q?=E8=BE=93?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/dromara/common/security/config/SecurityConfig.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
index 7ac920f2..063d9131 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
@@ -48,10 +48,11 @@ public class SecurityConfig implements WebMvcConfigurer {
                     // 检查是否登录 是否有token
                     StpUtil.checkLogin();
 
-                    // 检查 header 里的 clientId 与 token 里的是否一致
+                    // 检查 header 与 param 里的 clientid 与 token 里的是否一致
                     String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);
+                    String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);
                     String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
-                    if (!StringUtils.equals(headerCid, clientId)) {
+                    if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
                         // token 无效
                         throw NotLoginException.newInstance(
                             StpUtil.getLoginType(),