运维开发网

Tomcat: Disable OPTIONS, X-Frame-Options

运维开发网 https://www.qedev.com 2021-05-14 21:06 Source: 51CTO Author: Mr.Jiang

Tomcat: disable OPTIONS

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1">
 <!-- Disable unsafe HTTP methods -->
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>filter-http-method</web-resource-name>
   <url-pattern>/*</url-pattern>
   <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <!-- An empty auth-constraint permits no role, so the listed method is denied for everyone -->
  <auth-constraint></auth-constraint>
 </security-constraint>

 <login-config>
  <auth-method>BASIC</auth-method>
 </login-config>
</web-app>

Tomcat: X-Frame-Options header (cross-origin)

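<!-- Place these elements inside <web-app> in web.xml.
     The filter class comes from the OWASP ESAPI library, which must be on the web application's classpath. -->
<filter>
    <!-- The name is only a label; the header value is set by the "mode" parameter below -->
    <filter-name>ClickjackFilterDeny</filter-name>
    <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<!-- Apply the filter to every URL of the application -->
<filter-mapping>
    <filter-name>ClickjackFilterDeny</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>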
