Clickjacking: X-Frame-Options is not configured
2022-06-29 00:11:00 【hay_ lee】
X-Frame-Options not configured
The header accepts one of three values:
1. DENY: the browser refuses to load the page in any frame.
2. SAMEORIGIN: the page can only be framed by pages on the same origin.
3. ALLOW-FROM uri: the page can only be framed by the specified origin.
In most cases, the second value (SAMEORIGIN) is the right choice.
Method 1: set the header on each page:
<% response.addHeader("x-frame-options","SAMEORIGIN");%>
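Method 2: add a filter to the project code:
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class FrameFilter implements Filter {
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            // Set x-frame-options on every response before the rest of the chain runs
            response.setHeader("x-frame-options", "SAMEORIGIN");
            chain.doFilter(request, response);
        }

        public void init(FilterConfig config) throws ServletException {
        }

        public void destroy() {
        }
    }
Then register this filter in web.xml; I won't repeat the details here.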
Method 3: configure it in Tomcat (if the server is Tomcat, you can set it there, and it takes effect for all applications running under that Tomcat).
In the Tomcat directory, open /conf/web.xml, find the httpHeaderSecurity configuration, and remove the comment markers around it.
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <!-- Add the following: start -->
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <!-- Added section: end -->
    </filter>
All three of the methods above work; which one to use depends on the project.
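A check to confirm that whichever method was chosen actually produces a usable header, as an added example (not code from the original post): the function name `assess_xfo`, the verdict labels and the sample responses are constructed for illustration. It also flags ALLOW-FROM, which is obsolete and ignored by current browsers, and responses where the header arrives more than once with different values.

```python
# Added example: audit response headers for the X-Frame-Options values above.
ENFORCED = {"DENY", "SAMEORIGIN"}


def assess_xfo(headers):
    """Classify a response given as a list of (name, value) header pairs.

    Returns (verdict, detail); verdict is one of
    "missing", "protected", "obsolete", "conflicting", "invalid".
    """
    # Header names are case-insensitive, and a header sent twice is equivalent
    # to one comma-separated value, so gather the tokens from every copy.
    tokens = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            tokens += [t.strip() for t in value.split(",") if t.strip()]
    if not tokens:
        return "missing", "X-Frame-Options is not configured"

    distinct = sorted({t.upper() for t in tokens})
    if len(distinct) > 1:
        return "conflicting", "more than one value sent: " + ", ".join(distinct)
    token = distinct[0]
    if token in ENFORCED:
        return "protected", token
    if token.split()[0] == "ALLOW-FROM":
        # ALLOW-FROM is obsolete: current browsers ignore it, so the page
        # is effectively unprotected even though a header is present.
        return "obsolete", token
    return "invalid", "unrecognised value: " + token


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "filter from method two": [("x-frame-options", "SAMEORIGIN")],
    "no header": [("Content-Type", "text/html")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "set twice, different values": [("X-Frame-Options", "SAMEORIGIN"),
                                    ("X-Frame-Options", "DENY")],
    "typo": [("X-Frame-Options", "SAMEORIGN")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {assess_xfo(hdrs)}")
```

Feed it the headers from a real response (for example, the pairs returned by your HTTP client) after deploying any of the three methods; anything other than "protected" means the configuration needs another look.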