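Problem
Fix the following issues:
Missing "Content-Security-Policy" header
Missing "X-Content-Type-Options" header
Missing "X-XSS-Protection" header
The main problem is that
the Tomcat server does not have the httpHeaderSecurity feature enabled.
Steps and method to resolve:
- Log in to the server 192.168.18.66 and locate the Tomcat configuration directory: /root/voice/tomcat/conf
- Edit web.xml, then find and enable the httpHeaderSecurity feature (remove the comment markers around it)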
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
<!-- ==================== Built In Filter Mappings =====================
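
To confirm the result after restarting Tomcat, the response headers can be checked for the three headers listed at the top. The script below is an added example, not part of the original note: `missing_headers` and both sample responses are constructed for illustration, and the "after" sample contains only headers that HttpHeaderSecurityFilter is documented to set.

```shell
#!/usr/bin/env bash
# Added example: report which of the three headers named in the findings
# are absent from a raw HTTP response (for instance a saved `curl -si` dump).

REQUIRED_HEADERS="Content-Security-Policy X-Content-Type-Options X-XSS-Protection"

# missing_headers: reads a raw HTTP response on stdin and prints every
# required header that is absent, one name per line.
missing_headers() {
    local dump name
    # Normalise CRLF and keep only the header block (stop at first blank line),
    # so text in the response body can never be mistaken for a header.
    dump=$(tr -d '\r' | sed '/^$/q')
    for name in $REQUIRED_HEADERS; do
        # HTTP header names are case-insensitive, hence grep -i.
        if ! printf '%s\n' "$dump" | grep -qi "^${name}:"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample: response before the filter is enabled.
SAMPLE_BEFORE='HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Content-Length: 1024
'

# Constructed sample: response after the filter is enabled and mapped.
# The line after the blank line is body text, not a header.
SAMPLE_AFTER='HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
x-content-type-options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=UTF-8

Content-Security-Policy: this line is body text, not a header
'

echo "Missing before:"
printf '%s\n' "$SAMPLE_BEFORE" | missing_headers
echo "Missing after:"
printf '%s\n' "$SAMPLE_AFTER" | missing_headers
```

On the constructed "after" sample the check still reports Content-Security-Policy, so that finding should be re-tested separately rather than assumed closed.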