Fixing security risks when deploying a Java service on Tomcat

Add the following to Tomcat's web.xml, then restart the service.

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <!-- SAMEORIGIN allows framing only by pages of the same origin.
             ALLOW-FROM additionally requires antiClickJackingUri and is ignored by current browsers. -->
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

<!-- Apply the security-header filter to every request -->
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

<security-constraint>
    <web-resource-collection>
        <!-- web-resource-name is required by the schema; this name is an arbitrary label -->
        <web-resource-name>restricted-methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>
    <!-- An empty auth-constraint denies the listed methods to every caller -->
    <auth-constraint>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
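
The following check is an added example, not part of the original post: it parses a web.xml and reports whether the HttpHeaderSecurityFilter settings are usable and which HTTP methods an empty auth-constraint denies. The function name audit_web_xml and the embedded sample document are constructed for illustration; the parameter defaults (antiClickJackingEnabled=true, antiClickJackingOption=DENY) are the filter's documented defaults.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

# Constructed sample: ALLOW-FROM with no antiClickJackingUri, two denied methods.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>antiClickJackingOption</param-name>
      <param-value>ALLOW-FROM</param-value></init-param></filter>
  <filter-mapping><filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
  <security-constraint><web-resource-collection>
    <web-resource-name>sample</web-resource-name><url-pattern>/*</url-pattern>
    <http-method>PUT</http-method><http-method>TRACE</http-method>
    </web-resource-collection><auth-constraint/></security-constraint>
</web-app>"""

def _children(el, name):
    # Compare local names so the check works with or without an XML namespace.
    return [c for c in el if c.tag.rsplit("}", 1)[-1] == name]

def _text(el, name):
    found = _children(el, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml_text):
    """Return (findings, denied_methods) for a web.xml document."""
    root = ET.fromstring(xml_text)
    findings, denied = [], set()
    filters = [f for f in _children(root, "filter") if _text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        findings.append("HttpHeaderSecurityFilter is not configured")
    for f in filters:
        params = {_text(p, "param-name"): _text(p, "param-value") for p in _children(f, "init-param")}
        name = _text(f, "filter-name")
        if not any(_text(m, "filter-name") == name for m in _children(root, "filter-mapping")):
            findings.append(f"filter {name!r} has no filter-mapping")
        if params.get("antiClickJackingEnabled", "true").lower() != "true":
            findings.append("antiClickJackingEnabled is not true")
        option = params.get("antiClickJackingOption", "DENY").upper()
        if option == "ALLOW-FROM" and not params.get("antiClickJackingUri"):
            findings.append("ALLOW-FROM set without antiClickJackingUri")
    for sc in _children(root, "security-constraint"):
        auth = _children(sc, "auth-constraint")
        # No role-name inside auth-constraint means nobody may use the listed methods.
        if auth and not _children(auth[0], "role-name"):
            for wrc in _children(sc, "web-resource-collection"):
                denied.update((m.text or "").strip() for m in _children(wrc, "http-method"))
    return findings, sorted(denied)
```

Only explicit http-method lists are evaluated; collections that use http-method-omission or list no methods are outside what this check covers.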
 


Reposted from blog.csdn.net/bjniujw1024/article/details/103176932