Java: clickjacking filter to add X-FRAME-OPTIONS in response

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/11371755/

Time: 2020-10-31 04:48:32  Source: igfitidea

Clickjacking Filter to add X-FRAME-OPTIONS in response

java jakarta-ee servlet-filters

Asked by Dev G

In order to tackle clickjacking and block my site from being opened in an iframe, I have created a servlet filter in which I am adding the line below to add the "X-FRAME-OPTIONS" response header. But when I run the page and look at the response headers of that page, I never get this header in there. Any idea why?


public void doFilter(
        ServletRequest request, ServletResponse response, FilterChain chain
        ) throws IOException, ServletException
    {

        HttpServletResponse res = (HttpServletResponse)response;
        chain.doFilter(request, response);

        //Specify the mode
        res.addHeader("X-FRAME-OPTIONS", "DENY");
    }

Answered by Devon_C_Miller

You need to add the header before calling doFilter. By the time control returns from doFilter, the headers and body have already been sent, so your addHeader is ignored.
