在JBoss EAP 7中配置Http标头 [英] Configure Http Headers in JBoss EAP 7
问题描述
您是否知道是否存在配置JBoss EAP 7发送给客户端的Http标头的标准方法? 我主要对能够配置以下内容感兴趣:
Do you know if there is a standard way to configure the Http Headers that JBoss EAP 7 sends to the client? I am mainly interested in being able to configure the following ones:
- X-XSS-保护
- X-Frame-Options
- 严格的运输安全性
- 内容安全政策
- X-Content-Type-Options
我在互联网上找到了此链接
I found this link on the internet
but I am not sure whether I can use it for the headers I am interested in.
谢谢!
推荐答案
根据JBoss EAP 7文档:
As per the JBoss EAP 7 documentation:
JBoss EAP支持的阀门的先前版本.阀门是在Servlet过滤器更改请求或执行其他处理之前插入到应用程序的请求处理管道中的自定义类.全局阀被插入所有已部署应用程序的请求处理管道中.身份验证器阀对请求的凭据进行身份验证.通过扩展org.apache.catalina.valves.ValveBase类创建阀门,并在jboss-web.xml描述符文件的元素中对其进行配置.
Previous releases of JBoss EAP supported valves. Valves are custom classes inserted into the request processing pipeline for an application before servlet filters to make changes to the request or perform additional processing. Global valves are inserted into the request processing pipeline of all deployed applications. Authenticator valves authenticate the credentials of the request. Valves were created by extending the org.apache.catalina.valves.ValveBase class and configured in the element of the jboss-web.xml descriptor file.
Undertow(在JBoss EAP 7中替代了JBoss Web)不支持阀门.但是,您应该能够通过使用Undertow处理程序来实现类似的功能. Undertow包含许多提供通用功能的内置处理程序.它还提供了创建自定义处理程序的功能,可用于替换自定义阀门功能.
Undertow, which replaces JBoss Web in JBoss EAP 7, does not support valves; however, you should be able to achieve similar functionality by using Undertow handlers. Undertow includes a number of built-in handlers that provide common functionality. It also provides the ability to create custom handlers, which can be used to replace custom valve functionality.
对于复杂的情况,您仍然可以采用这种方法,但是现在,在使用Undertow时,添加响应标头得到了简化,因为您可以将自定义标头添加到JBoss Undertow子系统中,因此您的过滤器部分将有所不同:
You can still go this route for complex situations however now in utilizing Undertow add response headers been simplified as you can just add custom headers to the JBoss Undertow Subsystem, you're filters section will change from this:
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
为此:
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<!-- Begin custom Headers -->
<response-header name="x-xss-protection" header-name="X-XSS-Protection" header-value=""/>
<response-header name="x-frame-options" header-name="X-Frame-Options" header-value=""/>
<response-header name="strict-transport-security" header-name="Strict-Transport-Security" header-value=""/>
<response-header name="content-security-policy" header-name="Content-Security-Policy" header-value=""/>
<response-header name="x-Content-type-options" header-name="X-Content-Type-Options" header-value=""/>
</filters>
我将由其他所有人决定要为标题放置的值(在复制/粘贴期间保存一些编辑操作)
I'll leave it up to everyone else to determine the values they'd like to place for the headers (save some editing during copy/paste)
这篇关于在JBoss EAP 7中配置Http标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
