新增一个拦截器,在拦截器doFilter()方法增加以下代码
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
//增加响应头缺失代码
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse res=(HttpServletResponse)response;
res.addHeader("X-Frame-Options","SAMEORIGIN");
res.addHeader("Referer-Policy","origin");
res.addHeader("Content-Security-Policy","object-src ‘self‘");
res.addHeader("X-Permitted-Cross-Domain-Policies","master-only");
res.addHeader("X-Content-Type-Options","nosniff");
res.addHeader("X-XSS-Protection","1; mode=block");
res.addHeader("X-Download-Options","noopen");
//处理cookie问题
Cookie[] cookies = req.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
String value = cookie.getValue();
StringBuilder builder = new StringBuilder();
builder.append(cookie.getName()+"="+value+";");
builder.append("Secure;");//Cookie设置Secure标识
builder.append("HttpOnly;");//Cookie设置HttpOnly
res.addHeader("Set-Cookie", builder.toString());
}
}
chain.doFilter(request, response);
}
原文地址:https://www.cnblogs.com/pxblog/p/11630736.html
时间: 2024-10-29 21:45:46