新增一个拦截器,在拦截器doFilter()方法增加以下代码
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException { //增加响应头缺失代码 HttpServletRequest req=(HttpServletRequest)request; HttpServletResponse res=(HttpServletResponse)response; res.addHeader("X-Frame-Options","SAMEORIGIN"); res.addHeader("Referer-Policy","origin"); res.addHeader("Content-Security-Policy","object-src ‘self‘"); res.addHeader("X-Permitted-Cross-Domain-Policies","master-only"); res.addHeader("X-Content-Type-Options","nosniff"); res.addHeader("X-XSS-Protection","1; mode=block"); res.addHeader("X-Download-Options","noopen"); //处理cookie问题 Cookie[] cookies = req.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { String value = cookie.getValue(); StringBuilder builder = new StringBuilder(); builder.append(cookie.getName()+"="+value+";"); builder.append("Secure;");//Cookie设置Secure标识 builder.append("HttpOnly;");//Cookie设置HttpOnly res.addHeader("Set-Cookie", builder.toString()); } } chain.doFilter(request, response); }
原文地址:https://www.cnblogs.com/pxblog/p/11630736.html
时间: 2024-10-29 21:45:46