
Tomcat: Disabling OPTIONS, X-Frame-Options

Author: Internet

Disabling OPTIONS in Tomcat

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
  version="3.1">
<!-- Disable unsafe HTTP methods -->
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>filter-http-method</web-resource-name>
   <url-pattern>/*</url-pattern>
   <http-method>OPTIONS</http-method>
  </web-resource-collection>
  <!-- Empty auth-constraint: no role is permitted, so the listed method is denied -->
  <auth-constraint></auth-constraint>
 </security-constraint>
 
 <login-config>
  <auth-method>BASIC</auth-method>
 </login-config>
 <!-- Other elements, such as the filter below, also go inside web-app -->
</web-app>




Tomcat X-Frame-Options header (cross-origin)

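<!-- Adds the X-Frame-Options response header; requires the OWASP ESAPI library on the classpath -->
<filter>
    <filter-name>ClickjackFilterDeny</filter-name>
    <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
    <init-param>
        <!-- mode: DENY or SAMEORIGIN -->
        <param-name>mode</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>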
<filter-mapping>
    <filter-name>ClickjackFilterDeny</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
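
Both fragments can be checked offline before deployment. The Python script below is an added example, not part of the original post: it parses a web.xml (here a constructed sample that merges the two fragments) and reports which HTTP methods an empty auth-constraint blocks for /* and which mode the ESAPI ClickjackFilter mapped to /* uses. The function names are hypothetical, and URL patterns are compared as exact strings rather than by servlet mapping rules.

```python
import xml.etree.ElementTree as ET
NS = {"j": "http://xmlns.jcp.org/xml/ns/javaee"}  # namespace of the page's web.xml
# Constructed sample: the two fragments from this page merged into one web.xml.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>filter-http-method</web-resource-name>
   <url-pattern>/*</url-pattern><http-method>OPTIONS</http-method>
  </web-resource-collection>
  <auth-constraint></auth-constraint>
 </security-constraint>
 <filter>
  <filter-name>ClickjackFilterDeny</filter-name>
  <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
  <init-param><param-name>mode</param-name><param-value>SAMEORIGIN</param-value></init-param>
 </filter>
 <filter-mapping>
  <filter-name>ClickjackFilterDeny</filter-name><url-pattern>/*</url-pattern>
 </filter-mapping>
</web-app>"""

def _texts(elem, tag):  # stripped text of each direct child <tag> of elem
    return [(e.text or "").strip() for e in elem.findall("j:" + tag, NS)]

def denied_methods(root, pattern="/*"):
    """Methods blocked for `pattern` by constraints whose <auth-constraint> lists no role."""
    denied = set()
    for sc in root.findall("j:security-constraint", NS):
        auth = sc.find("j:auth-constraint", NS)
        if auth is not None and not _texts(auth, "role-name"):  # empty: nobody allowed
            for wrc in sc.findall("j:web-resource-collection", NS):
                if pattern in _texts(wrc, "url-pattern"):  # no <http-method> = all ("*")
                    denied.update(m.upper() for m in _texts(wrc, "http-method") or ["*"])
    return denied

def clickjack_mode(root, pattern="/*"):
    """`mode` of an ESAPI ClickjackFilter mapped to `pattern`; None if unmapped or unset."""
    mapped = {n for fm in root.findall("j:filter-mapping", NS)
              if pattern in _texts(fm, "url-pattern") for n in _texts(fm, "filter-name")}
    for f in root.findall("j:filter", NS):
        is_esapi = _texts(f, "filter-class") == ["org.owasp.esapi.filters.ClickjackFilter"]
        if is_esapi and mapped & set(_texts(f, "filter-name")):
            for p in f.findall("j:init-param", NS):
                if _texts(p, "param-name") == ["mode"]:
                    return _texts(p, "param-value")[0]
    return None

if __name__ == "__main__":
    print(denied_methods(ET.fromstring(SAMPLE)), clickjack_mode(ET.fromstring(SAMPLE)))
```

On the sample it reports only OPTIONS as denied, so any other method meant to be blocked needs its own http-method entry in the constraint.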





Source: https://blog.51cto.com/u_15196512/2768722