Click hijack: X-FRAME-OPTIONS is not configured
2022-06-29 00:11:00 【hay_ lee】
Finding: the X-Frame-Options response header is not set, so any site can load the page inside a frame and overlay it with its own controls (clickjacking).
The header takes one of three values:
1. DENY: the browser refuses to render the page inside any frame.
2. SAMEORIGIN: the page may only be framed by pages from the same origin.
3. ALLOW-FROM uri: the page may only be framed by the named origin. This value is obsolete: current browsers do not support it and ignore the whole header when they see it, so it gives no protection at all. When a specific third-party origin must be allowed to frame the page, use the Content-Security-Policy directive frame-ancestors instead.
SAMEORIGIN is the usual choice.
Mode one: set the header per page. Put the scriptlet at the top of the JSP, before any output is written, because headers cannot be added once the response has been committed:
    <% response.addHeader("x-frame-options", "SAMEORIGIN"); %>
Mode two: add a servlet filter to the project so every response passing through it carries the header:
    import java.io.IOException;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class FrameFilter implements Filter {

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            // Set X-Frame-Options before handing the request on, so the header is
            // already in place even if a downstream servlet commits the response early.
            response.setHeader("x-frame-options", "SAMEORIGIN");
            chain.doFilter(request, response);
        }

        public void init(FilterConfig config) throws ServletException {
        }

        public void destroy() {
        }
    }
Then register the filter in web.xml with a <filter> entry and a <filter-mapping> for the URLs that should carry the header (normally /*); the registration itself is not repeated here.
Mode three: set it in Tomcat. If the server is Tomcat, the header can be added in Tomcat's own configuration, and it then takes effect for every application deployed on that Tomcat instance.
In conf/web.xml under the Tomcat installation directory, find the httpHeaderSecurity filter and remove the comment markers around it. Once the filter is enabled, antiClickJackingEnabled already defaults to true, but antiClickJackingOption defaults to DENY, so add the init-params below to get SAMEORIGIN:
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <!-- add the following init-params: start -->
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <!-- add: end -->
    </filter>
Note that this filter also adds other security headers by default (HTTP Strict-Transport-Security on HTTPS responses and X-Content-Type-Options: nosniff), so check the Tomcat documentation for its other init-params before enabling it for the whole server.
Any of the three modes works; which one to use depends on the project.
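Whichever mode is deployed, the last step is to confirm that the response really carries an effective header. The checker below is an added example, not code from the original post: it classifies a response's framing protection, examining Content-Security-Policy frame-ancestors before X-Frame-Options as browsers do, and flags the obsolete ALLOW-FROM value and conflicting duplicate values (which can occur when both the application filter and the Tomcat filter are enabled). The fetch helper, the status names and the sample header sets are this example's own assumptions; the samples are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request
from typing import Dict, List, Optional, Tuple

# lower-cased header name -> every value the server sent under that name
Headers = Dict[str, List[str]]


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive in a CSP value,
    or None when the policy has no such directive (names are case-insensitive)."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def check_frame_protection(headers: Headers) -> Tuple[str, str]:
    """Classify a response's framing protection.

    Returns (status, reason) with status one of (names chosen for this example):
      protected     - DENY / SAMEORIGIN, or frame-ancestors 'none' / 'self'
      restricted    - frame-ancestors with an explicit allow-list
      misconfigured - several differing X-Frame-Options values were sent
      unprotected   - nothing effective (includes the obsolete ALLOW-FROM)

    CSP is examined first: a browser that understands frame-ancestors ignores
    X-Frame-Options when both headers are present.
    """
    for policy in headers.get("content-security-policy", []):
        sources = frame_ancestors(policy)
        if sources is None:
            continue
        lowered = [s.lower() for s in sources]
        # an empty source list matches nothing, the same as 'none'
        if lowered in ([], ["'none'"]):
            return "protected", "CSP frame-ancestors 'none' (same effect as DENY)"
        if lowered == ["'self'"]:
            return "protected", "CSP frame-ancestors 'self' (same effect as SAMEORIGIN)"
        return "restricted", "CSP frame-ancestors " + " ".join(sources)

    # The header may be sent twice (e.g. by the application and by the Tomcat
    # filter) or as a comma-joined list; normalise both into one value list.
    values = [v.strip().upper()
              for raw in headers.get("x-frame-options", [])
              for v in raw.split(",")]
    if not values:
        return "unprotected", "neither X-Frame-Options nor CSP frame-ancestors is set"
    distinct = set(values)
    if len(distinct) > 1:
        return "misconfigured", ("conflicting X-Frame-Options values "
                                 + ", ".join(sorted(distinct)) + "; send exactly one")
    value = values[0]
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return "unprotected", ("X-Frame-Options ALLOW-FROM is obsolete; current "
                               "browsers ignore the header entirely")
    return "unprotected", "unrecognised X-Frame-Options value " + value


def fetch_headers(url: str) -> Headers:
    """GET the URL and collect all response headers (needs network access).
    Error responses still carry headers, so HTTPError is handled as well."""
    request = urllib.request.Request(url, headers={"User-Agent": "frame-check"})
    try:
        with urllib.request.urlopen(request, timeout=10) as response:
            message = response.headers
    except urllib.error.HTTPError as err:
        message = err.headers
    return {name.lower(): message.get_all(name) for name in set(message.keys())}


# Constructed header sets covering the cases the checker distinguishes.
SAMPLES: Dict[str, Headers] = {
    "missing": {},
    "sameorigin": {"x-frame-options": ["SAMEORIGIN"]},
    "duplicated-same-value": {"x-frame-options": ["sameorigin", "SAMEORIGIN"]},
    "conflicting": {"x-frame-options": ["SAMEORIGIN", "DENY"]},
    "allow-from-only": {"x-frame-options": ["ALLOW-FROM https://portal.example"]},
    "csp-overrides-xfo": {
        "x-frame-options": ["DENY"],
        "content-security-policy": ["default-src 'self'; frame-ancestors https://portal.example"],
    },
}


def run_samples() -> Dict[str, str]:
    """Return the status assigned to each constructed sample."""
    return {name: check_frame_protection(h)[0] for name, h in SAMPLES.items()}


if __name__ == "__main__":
    cases = {name: check_frame_protection(h) for name, h in SAMPLES.items()}
    if len(sys.argv) > 1:  # optionally check a live URL given on the command line
        cases[sys.argv[1]] = check_frame_protection(fetch_headers(sys.argv[1]))
    for name, (status, reason) in cases.items():
        print(f"{name:24s} {status:13s} {reason}")
```

Run it with no arguments to see the constructed samples classified, or pass a URL to classify a live response. A result other than protected or restricted means the deployment step above did not take effect for that URL (a common cause is a static resource or an error page served by a path the filter is not mapped to).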