Can Tomcat 7 be configured to insert "Content-Security-Policy" HTTP header?
Question
Can Tomcat 7 be configured to insert the Content-Security-Policy: frame-ancestors 'self' HTTP header with every response, like it can insert other security related headers, for example X-Frame-Options?
Recommended answer
Since it cannot be achieved with Tomcat 7.x built-in filters, you could try one of the following options:
If adding a filter to your application is an option, you could use the following code to add a header to every response:
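    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletResponse;

    @WebFilter("/*")
    public class MyFilter implements Filter {
        @Override public void init(FilterConfig filterConfig) {}  // required by the Servlet 3.0 Filter interface
        @Override public void destroy() {}

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            // Set the header before the rest of the chain can commit the response
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
            chain.doFilter(request, response);
        }
    }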
Creating a custom Valve in Tomcat
Another option is a custom valve. Quoting the steps from the page:
- Create a Maven Java Application.
- Add the following dependency:
    <dependency>
        <groupId>org.apache.tomcat</groupId>
        <artifactId>tomcat-catalina</artifactId>
        <version>7.0.34</version>
        <scope>provided</scope>
    </dependency>
- Create your Java class and extend it from ValveBase.
- Implement the invoke(Request, Response) method.
- Build your library (.jar) file
- Install the library in the ${tomcat.home}/lib directory.
- Configure the server.xml to use your new valve. For example:
    <Valve className="com.example.MyValve"/>
- Start the server to see your new valve in action
Your valve implementation could be like:
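    package com.example;
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletResponse;
    import org.apache.catalina.connector.Request;
    import org.apache.catalina.connector.Response;
    import org.apache.catalina.valves.ValveBase;

    public class MyValve extends ValveBase {
        @Override
        public void invoke(Request request, Response response) throws IOException,
                ServletException {
            HttpServletResponse httpResponse = response.getResponse();
            httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
            getNext().invoke(request, response);  // pass the request on to the next valve
        }
    }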
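An added example, not part of the original answer: a variant of the filter that keeps frame-ancestors 'self' in place when the application later calls setHeader with its own Content-Security-Policy, which would otherwise replace the value the filter set. The package, class name and merge helper are hypothetical, and the code assumes the Servlet 3.0 API that ships with Tomcat 7.

```java
package com.example; // hypothetical package

import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

@WebFilter("/*")
public class FrameAncestorsFilter implements Filter {
    private static final String CSP = "Content-Security-Policy";
    private static final String DIRECTIVE = "frame-ancestors 'self'";

    /** Appends the directive unless the policy already declares frame-ancestors. */
    static String merge(String policy) {
        if (policy == null || policy.trim().isEmpty()) return DIRECTIVE;
        for (String d : policy.split(";")) {
            // An explicit frame-ancestors chosen by the application is left alone.
            if (d.trim().toLowerCase(Locale.ROOT).startsWith("frame-ancestors")) return policy;
        }
        // Drop trailing semicolons and whitespace before appending.
        return policy.replaceAll("[;\\s]+$", "") + "; " + DIRECTIVE;
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        // Default for responses where the application sets no policy of its own.
        http.setHeader(CSP, DIRECTIVE);
        chain.doFilter(req, new HttpServletResponseWrapper(http) {
            // setHeader replaces the default above, so merge the directive back in.
            // addHeader needs no override: it adds a second header, the default
            // stays, and browsers enforce every policy they receive.
            @Override public void setHeader(String name, String value) {
                super.setHeader(name, CSP.equalsIgnoreCase(name) ? merge(value) : value);
            }
        });
    }
}
```

With this filter, an application call such as setHeader("Content-Security-Policy", "default-src 'self'") is sent as default-src 'self'; frame-ancestors 'self'.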