ClickJacking Filter to add X-FRAME-OPTIONS in response
Problem description
In order to tackle clickjacking and block my site from being opened in an iframe, I have created a servlet filter in which I am adding the line below to add the "X-FRAME-OPTIONS" response header. But when I run the page and look at the response headers of that page, I never get this header in there. Any idea why?
    public void doFilter(
        ServletRequest request, ServletResponse response, FilterChain chain
    ) throws IOException, ServletException
    {
        HttpServletResponse res = (HttpServletResponse)response;
        chain.doFilter(request, response);
        //Specify the mode
        res.addHeader("X-FRAME-OPTIONS", "DENY");
    }
Recommended answer
You need to add the header before calling doFilter. By the time control returns from doFilter the headers and body have already been sent, so your addHeader is ignored.