tomcat 7 中的 Xframe 选项 [英] Xframe option in tomcat 7

问题描述

我在我的 tomcat web.xml 中添加了以下代码片段以防止点击劫持.

I have added the below code snippet in my tomcat web.xml to prevent clickjacking.

在添加内置过滤器的部分，我添加了

In the section to add built-in filter, I have added

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

对于我添加的过滤器映射部分.

For filter-mapping part I have added.

<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

编辑并进行这两项更改后，测试页面(我试图在 中打开目标页面的 html 页面)通过(无法在框架内打开目标页面).
但是apache欢迎页面给了404新的变化.

After editing and making these two changes,test page (html page where I am trying to open the target page in <frame>) passes (not able to open the target page inside frames).
But the apache welcome page gives 404 with the new changes.

如果我遗漏了什么，请告诉我.

Please let me know if I am missing anything.

推荐答案

我在使用 tomcat7 和完全相同的过滤器时也遇到了这个问题.

I also had this issue with tomcat7 and the exact same filter.

您应该做的第一件事是检查CATALINA_BASE/logs/下的tomcat 日志.找到并打开localhost.YYYY-MM-DD.log；在那里你应该找到错误的原因.

The first thing you should do is check the tomcat logs under CATALINA_BASE/logs/. Locate and open localhost.YYYY-MM-DD.log; there you should find the cause for the error.

在我的日志文件中，我有这个错误:

In my log file I had this error:

SEVERE: Exception starting filter httpHeaderSecurity
java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter

然后我发现 HttpHeaderSecurityFilter 是在 Tomcat 7.0.63 版中新添加的 (参见此处)但我运行的是 7.0.52 版本(Ubuntu 14.04 LTS 附带的版本).

I then found out that the HttpHeaderSecurityFilter was newly added in Tomcat Version 7.0.63 (see here) but I was running version 7.0.52 (the one that comes with Ubuntu 14.04 LTS).

我通过安装最新的 Tomcat 版本解决了这个问题，现在过滤器按预期工作.

I resolved the issue by installing the newest Tomcat version and now the filter works as expected.

这篇关于tomcat 7 中的 Xframe 选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！