Tomcat: disabling OPTIONS and setting X-Frame-Options
Author: Internet
Disabling OPTIONS in Tomcat
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!-- Disable unsafe HTTP methods -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>filter-http-method</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <!-- An auth-constraint that names no role denies all access to the methods listed above -->
    <auth-constraint></auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <!-- remaining web.xml elements go here -->
</web-app>
Tomcat X-Frame-Options header (cross-origin)
<!-- Place inside <web-app>: adds the X-Frame-Options response header to every response -->
<filter>
  <filter-name>ClickjackFilterDeny</filter-name>
  <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
  <init-param>
    <!-- SAMEORIGIN allows framing only by pages from the same origin -->
    <param-name>mode</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>ClickjackFilterDeny</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Source: https://blog.51cto.com/u_15196512/2768722