Java web project: fixing the "xxx response header missing" vulnerability finding
Posted yvioo
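Add a new filter (interceptor) and add the following code to its doFilter() method:

// Imports needed by the filter class (use jakarta.servlet.* on Servlet 5.0+ containers)
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    // Add the response headers reported as missing
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    res.addHeader("X-Frame-Options", "SAMEORIGIN");
    res.addHeader("Referrer-Policy", "origin");
    res.addHeader("Content-Security-Policy", "object-src 'self'");
    res.addHeader("X-Permitted-Cross-Domain-Policies", "master-only");
    res.addHeader("X-Content-Type-Options", "nosniff");
    res.addHeader("X-XSS-Protection", "1; mode=block");
    res.addHeader("X-Download-Options", "noopen");

    // Handle the cookie finding: re-issue each request cookie with the flags set.
    // Only name and value are re-sent; Path, Domain and Max-Age are not copied.
    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            String value = cookie.getValue();
            StringBuilder builder = new StringBuilder();
            builder.append(cookie.getName() + "=" + value + ";");
            builder.append("Secure;");   // set the Secure flag on the cookie
            builder.append("HttpOnly;"); // set the HttpOnly flag on the cookie
            res.addHeader("Set-Cookie", builder.toString());
        }
    }
    chain.doFilter(request, response);
}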
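To confirm that the filter clears the scanner finding, a response can be checked for the seven headers above and for cookies issued without Secure or HttpOnly. The Python script below is an added example, not part of the original post; the names `EXPECTED`, `parse_head`, `audit` and the sample response are constructed for illustration.

```python
EXPECTED = {  # assumption: the values the filter on this page is meant to send
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "origin",
    "Content-Security-Policy": "object-src 'self'",
    "X-Permitted-Cross-Domain-Policies": "master-only",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "X-Download-Options": "noopen",
}

def parse_head(raw):
    """Return [(lowercased name, value)] for every header line, keeping duplicates."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit(raw):
    """Report expected headers that are missing or differ, and cookies lacking flags."""
    headers = parse_head(raw)
    seen = dict(reversed(headers))  # header names are case-insensitive; first value wins
    missing = [h for h in EXPECTED if h.lower() not in seen]
    mismatched = [h for h, want in EXPECTED.items()
                  if h.lower() in seen and seen[h.lower()].lower() != want.lower()]
    weak_cookies = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
        lacking = [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]
        if lacking:
            weak_cookies[parts[0].split("=", 1)[0]] = lacking
    return {"missing": missing, "mismatched": mismatched, "weak_cookies": weak_cookies}

SAMPLE = (  # constructed response head, not captured from a real server
    "HTTP/1.1 200 OK\r\n"
    "x-frame-options: SAMEORIGIN\r\n"
    "Referer-Policy: origin\r\n"  # misspelled name, so Referrer-Policy counts as missing
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark;Secure;HttpOnly;\r\n"
    "\r\n<html></html>"
)
print(audit(SAMPLE))
```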