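Starting with Tomcat 7.0.63 and Tomcat 8.0.23, Tomcat supports configuring HttpHeaderSecurityFilter in its bundled web.xml. The filter is optional and is not enabled by default. Once enabled, it accepts configuration such as the following: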
```xml
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```
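If this configuration appears in a project's own web.xml, it applies only to that project. To make it apply to every project deployed under Tomcat, put the configuration in the Tomcat directory, that is, in ${catalina_home}/conf/web.xml.

Also note that Spring Security has a similar setting. If you use the Spring Security framework, be aware that it sets X-Frame-Options: DENY by default.

[Figure: excerpt from the official documentation (4.0.1)]

Tomcat's HttpHeaderSecurityFilter configuration overrides the Spring Security configuration.

How to verify:

Open the page and inspect the returned response headers with the browser's developer tools.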
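Before checking headers in the browser, the web.xml itself can be audited offline. The following is an added example, not code from the original post or from Tomcat: it parses a web.xml (project-level or conf/web.xml) and reports whether the filter is both declared and mapped, and which X-Frame-Options value it would send. The function name and sample inputs are constructed for illustration; `antiClickJackingEnabled` is a parameter of the filter that the post does not mention.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def _kids(elem, name):
    # Match on local name so namespaced and plain web.xml files both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else None

def audit_web_xml(xml_text):
    """Report whether the filter is declared AND mapped, and the resulting header value."""
    root = ET.fromstring(xml_text)  # XML comments are dropped, so commented-out config is ignored
    names, option = set(), None
    for f in _kids(root, "filter"):
        if _text(f, "filter-class") != FILTER_CLASS:
            continue
        names.add(_text(f, "filter-name"))
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _kids(f, "init-param")}
        # Filter defaults: antiClickJackingEnabled=true, antiClickJackingOption=DENY
        if (params.get("antiClickJackingEnabled") or "true").lower() == "true":
            option = params.get("antiClickJackingOption") or "DENY"
    patterns = [(p.text or "").strip()
                for m in _kids(root, "filter-mapping") if _text(m, "filter-name") in names
                for p in _kids(m, "url-pattern")]
    active = bool(patterns)
    return {"active": active, "x_frame_options": option if active else None,
            "url_patterns": patterns}

# Constructed sample inputs (not taken from a real deployment).
PAGE_CONFIG = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value></init-param></filter>
  <filter-mapping><filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern><dispatcher>REQUEST</dispatcher></filter-mapping>
</web-app>"""
# Common slip: the <filter> is uncommented but its <filter-mapping> is not.
MAPPING_MISSING = PAGE_CONFIG.replace("<filter-mapping>", "<!-- <filter-mapping>") \
                             .replace("</filter-mapping>", "</filter-mapping> -->")

if __name__ == "__main__":
    for label, xml in (("page config", PAGE_CONFIG), ("mapping missing", MAPPING_MISSING)):
        print(label, audit_web_xml(xml))
```

A result with `active` set to false means no X-Frame-Options header will come from this filter, even though the `<filter>` element is present.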