diff --git a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
index 0eb0034..e41d2b0 100644
--- a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
+++ b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilter.java
@@ -38,7 +38,7 @@ public class XssFilter extends OncePerRequestFilter {
 }
 // 放行不过滤的URL
- return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
+ return properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
 }
 }
diff --git a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
index 709e2a0..0b8f37b 100644
--- a/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
+++ b/maku-framework/src/main/java/net/maku/framework/common/xss/XssFilterJsonDeserializer.java
@@ -33,9 +33,9 @@ public class XssFilterJsonDeserializer extends JsonDeserializer {
 if (request == null) {
 return value;
 }
-
+
 // 判断该URI是否放行
- boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getRequestURI()));
+ boolean flag = properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, request.getServletPath()));
 if (flag) {
 return value;
 }
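Review bot: `request.getServletPath()` on the new `return` line of `XssFilter` leaves out the path-info part of the URL, so if the dispatcher servlet is mapped to a prefix such as `/api/*` rather than `/` (the mapping is not visible in this diff) the `excludeUrls` patterns would be compared against the prefix only. A match here switches XSS filtering off, so the compared value should be the full path within the application, for example `request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo())` or Spring's `UrlPathHelper#getPathWithinApplication`. The same applies to the `boolean flag = …` line in `XssFilterJsonDeserializer`. A comment such as `// match the container-decoded path without the context path; the raw request URI may carry path parameters or encoding that fake an excluded URL` would record why the raw URI was dropped. The enclosing method starts outside the hunk.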
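Review bot: The exclusion predicate on the new `boolean flag = …` line in `XssFilterJsonDeserializer` is the same expression as the one in `XssFilter`, so the two checks that decide whether input skips XSS cleaning can drift apart on the next edit. Moving it into one shared method, for instance a helper with the shape `boolean isExcluded(HttpServletRequest request)`, would keep the filter and the deserializer in agreement. The context lines above also return the value unfiltered when `request == null`; that is outside this change, but a comment stating that this fail-open path is intentional would help the next reader. The enclosing method starts and ends outside the hunk.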