如何禁止从一个iframe网站访问？ [英] How to deny site access from an iframe?

问题描述

我注意到一些网站否认从iFrame中他们的注册和登录页面出于安全原因的访问。这是在我看来，一个好主意。

I've noticed a few websites deny access from iFrames to their registration and login pages for security reasons. It's a good idea in my opinion.

我想知道什么设置他们为了做到这一点需要，因为我想这样做在我的网站。有问题的网站是建立在Java中，并运行在Apache Tomcat。

I'm wondering what settings they need in order to do this as I would like to do the same on my website. The website in question is built in Java and runs on Apache Tomcat.

如果有人知道如何做到这一点这将是巨大的，如果你可以分享。

If anyone knows how this is done it would be great if you could share.

推荐答案

好，你应该使用 X框选项

看了这篇文章，希望它可以帮助：

read this article, hope it helps:

<一个href=\"http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx\" rel=\"nofollow\">http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx

我不熟悉JSP和servlet，但我认为你可以做这样的事情：

I'm not familiar with jsp and servlets, but i think you could do something like this:

public class NoIFrameAllowedServlet extends HttpServlet {

  public void doGet(HttpServletRequest request,
                    HttpServletResponse response)
      throws ServletException, IOException {
      response.setHeader("X-Frame-Options", "SAMEORIGIN");
    }

这篇关于如何禁止从一个iframe网站访问？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！