From 39509ad9a88e9af4ab62d55a65bbc5da9069f4b8 Mon Sep 17 00:00:00 2001
From: Isaac <57320152+himco@users.noreply.github.com>
Date: Thu, 9 Oct 2025 16:01:00 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E7=9B=AE=E5=BD=95=E9=81=8D?=
 =?UTF-8?q?=E5=8E=86=E6=BC=8F=E6=B4=9E=E9=97=AE=E9=A2=98=20(#10586)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/init/router/router.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/init/router/router.go b/core/init/router/router.go
index ae915c259..b23ca8f02 100644
--- a/core/init/router/router.go
+++ b/core/init/router/router.go
@@ -30,6 +30,10 @@ func setWebStatic(rootRouter *gin.RouterGroup) {
 	rootRouter.Static("/api/v2/images", path.Join(global.CONF.Base.InstallDir, "1panel/uploads/theme"))
 	rootRouter.GET("/assets/*filepath", func(c *gin.Context) {
 		c.Writer.Header().Set("Cache-Control", fmt.Sprintf("private, max-age=%d", 3600))
+		if c.Request.URL.Path[len(c.Request.URL.Path)-1] == '/' {
+	        c.AbortWithStatus(http.StatusForbidden)
+	        return
+	    }
 		staticServer := http.FileServer(http.FS(web.Assets))
 		staticServer.ServeHTTP(c.Writer, c.Request)
 	})