How to enable X-Frame-Options in WSO2 5.4.1?


Problem description

I tried to configure my jaggery.conf file as stated in the documentation to allow framing as follows:

"filters":[
      {
        "name":"HttpHeaderSecurityFilter",
        "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
        "params" : [
            {"name" : "hstsEnabled", "value" : "false"},
            {"name": "antiClickJackingOption", "value": "SAMEORIGIN"}
        ]
      },
      {
        "name": "ContentTypeBasedCachePreventionFilter",
        "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
        "params":[
          {"name": "patterns", "value": "text/html\" ,application/json\" ,plain/text"},
          {"name": "filterAction", "value": "enforce"},
          {"name": "httpHeaders", "value": "Cache-Control: no-store, no-cache, must-revalidate, private"}
        ]
      }
    ],

Despite this, in my client app, I still get a message saying that framing isn't allowed.

Load denied by X-Frame-Options: https://localhost:9444/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=Registered+callback+does+not+match+with+the+provided+url. does not permit framing.

Recommended answer

Since this issue is coming from authenticationendpoint, you have to configure the HttpHeaderSecurityFilter filter in the file <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml as follows.

<filter>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

Btw, the error in the shared URL is Registered+callback+does+not+match+with+the+provided+url; you can check whether the redirect_uri defined in the request URL matches the one configured in the service provider.
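
A check for the web.xml change described in the answer, as an added example that is not part of the original answer or of WSO2's code: it parses a web.xml and reports which X-Frame-Options value Tomcat's HttpHeaderSecurityFilter would send, flagging a filter that is declared but has no `<filter-mapping>` and therefore never runs. The function names and the sample document (including its `/*` mapping, which the answer does not show) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def _kids(elem, name):
    # Compare local names so any web.xml namespace (javaee, jakarta) works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else None

def audit_web_xml(xml_text):
    """Return (X-Frame-Options value the filter would send or None, findings)."""
    root = ET.fromstring(xml_text)
    filters = [f for f in _kids(root, "filter")
               if _text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        return None, ["HttpHeaderSecurityFilter is not declared"]
    name = _text(filters[0], "filter-name")
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in _kids(filters[0], "init-param")}
    mapped = any(_text(m, "filter-name") == name
                 for m in _kids(root, "filter-mapping"))
    findings = []
    if not mapped:
        findings.append(f"no <filter-mapping> for '{name}': filter never runs")
    # Tomcat defaults: antiClickJackingEnabled=true, antiClickJackingOption=DENY
    if (params.get("antiClickJackingEnabled") or "true").lower() != "true":
        findings.append("antiClickJackingEnabled is false: header not sent")
        return None, findings
    option = (params.get("antiClickJackingOption") or "DENY").upper()
    if option not in ("DENY", "SAMEORIGIN", "ALLOW-FROM"):
        findings.append(f"unknown antiClickJackingOption '{option}'")
    return (option if mapped else None), findings

# Constructed sample: the answer's <filter> plus an assumed <filter-mapping>.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>hstsEnabled</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>HttpHeaderSecurityFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE))
```

Run it against the deployed authenticationendpoint web.xml after editing; an empty findings list with `SAMEORIGIN` means the configuration matches what the answer intends.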
