如何拒绝来自 iframe 的站点访问? [英] How to deny site access from an iframe?
问题描述
我注意到一些网站出于安全原因拒绝从 iFrame 访问其注册和登录页面.在我看来,这是个好主意.
I've noticed a few websites deny access from iFrames to their registration and login pages for security reasons. It's a good idea in my opinion.
我想知道他们需要什么设置才能做到这一点,因为我想在我的网站上做同样的事情.有问题的网站是用 Java 构建的,并在 Apache Tomcat 上运行.
I'm wondering what settings they need in order to do this as I would like to do the same on my website. The website in question is built in Java and runs on Apache Tomcat.
如果有人知道这是怎么做的,如果你能分享一下就好了.
If anyone knows how this is done it would be great if you could share.
推荐答案
好吧,你应该使用 x-frame-options.
阅读这篇文章,希望对您有所帮助:
read this article, hope it helps:
我不熟悉 jsp 和 servlet,但我认为你可以这样做:
I'm not familiar with jsp and servlets, but i think you could do something like this:
public class NoIFrameAllowedServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
}
这篇关于如何拒绝来自 iframe 的站点访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
