tomcat 7 中的 Xframe 选项 [英] Xframe option in tomcat 7
问题描述
我在我的 tomcat web.xml 中添加了以下代码片段以防止点击劫持.
I have added the below code snippet in my tomcat web.xml to prevent clickjacking.
在添加内置过滤器的部分,我添加了
In the section to add built-in filter, I have added
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
对于我添加的过滤器映射部分.
For filter-mapping part I have added.
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
编辑并进行这两项更改后,测试页面(我试图在 中打开目标页面的 html 页面)通过(无法在框架内打开目标页面).
但是apache欢迎页面给了404新的变化.
After editing and making these two changes,test page (html page where I am trying to open the target page in <frame>
) passes (not able to open the target page inside frames).
But the apache welcome page gives 404 with the new changes.
如果我遗漏了什么,请告诉我.
Please let me know if I am missing anything.
推荐答案
我在使用 tomcat7 和完全相同的过滤器时也遇到了这个问题.
I also had this issue with tomcat7 and the exact same filter.
您应该做的第一件事是检查CATALINA_BASE/logs/下的tomcat 日志.找到并打开localhost.YYYY-MM-DD.log;在那里你应该找到错误的原因.
The first thing you should do is check the tomcat logs under CATALINA_BASE/logs/. Locate and open localhost.YYYY-MM-DD.log; there you should find the cause for the error.
在我的日志文件中,我有这个错误:
In my log file I had this error:
SEVERE: Exception starting filter httpHeaderSecurity
java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter
然后我发现 HttpHeaderSecurityFilter 是在 Tomcat 7.0.63 版中新添加的 (参见此处)但我运行的是 7.0.52 版本(Ubuntu 14.04 LTS 附带的版本).
I then found out that the HttpHeaderSecurityFilter was newly added in Tomcat Version 7.0.63 (see here) but I was running version 7.0.52 (the one that comes with Ubuntu 14.04 LTS).
我通过安装最新的 Tomcat 版本解决了这个问题,现在过滤器按预期工作.
I resolved the issue by installing the newest Tomcat version and now the filter works as expected.
这篇关于tomcat 7 中的 Xframe 选项的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!