Create a new class in the project:
package com.*.*.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class XFrameOptionsHeaderFilter implements Filter {

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Required: cast to the HTTP request/response types
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // The actual setting. SAMEORIGIN: the page may only be framed by pages from the same origin
        response.setHeader("x-frame-options", "SAMEORIGIN");
        // Invoke the next filter in the chain
        chain.doFilter(request, response);
    }

    public void init(FilterConfig config) throws ServletException {
    }

    public void destroy() {
    }
}
Configure it in web.xml:
<filter>
    <filter-name>XFrameOptionsHeaderFilter</filter-name>
    <filter-class>com.*.*.filter.XFrameOptionsHeaderFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>XFrameOptionsHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Send a request from the browser and check whether the response headers include X-Frame-Options; if they do, the configuration is working.
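The header check in the last step can also be scripted rather than read off in the browser. The following is an added example, not part of the original post: the function name `check_xfo` and the sample response are constructed for illustration, and the URL in the usage comment is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: validate X-Frame-Options in a raw HTTP response header block.
# Usage against a running app (placeholder URL):
#   curl -sI http://localhost:8080/ | check_xfo

# Reads response headers on stdin. Return codes:
#   0  header present with a single effective value, DENY or SAMEORIGIN
#   1  header missing (filter not mapped to this URL, or stripped downstream)
#   2  header present but value is unsupported or conflicting
check_xfo() {
  local values count
  # Header names are case-insensitive and lines end in CRLF: strip the CR,
  # stop at the blank line that ends the headers, trim and upper-case the value.
  values=$(tr -d '\r' \
    | awk -F: '
        /^$/ { exit }
        tolower($1) == "x-frame-options" {
          v = substr($0, index($0, ":") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", v)
          print toupper(v)
        }' \
    | sort -u)
  [ -n "$values" ] || return 1
  # Two different values (e.g. this filter plus a proxy adding its own) conflict.
  count=$(printf '%s\n' "$values" | grep -c .)
  [ "$count" -eq 1 ] || return 2
  case "$values" in
    DENY|SAMEORIGIN) return 0 ;;
    *) return 2 ;;   # anything else, including the obsolete ALLOW-FROM
  esac
}

# Constructed sample response, as the filter above would produce it.
SAMPLE_OK='HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-frame-options: SAMEORIGIN\r\n\r\n'

if printf '%b' "$SAMPLE_OK" | check_xfo; then
  echo "X-Frame-Options present and valid"
fi
```

Because the filter is mapped to `/*`, running the check against several paths (static resources, error pages) shows whether any response leaves the container without the header.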