本文介绍了如何在Tomcat 7中通过两种方式设置Content-Security-Policy响应头。一种是在应用程序中创建过滤器,另一种是自定义阀门。详细步骤包括创建Java过滤器或阀门类,添加依赖,构建库文件,并在server.xml中配置阀门。
一旦使用Tomcat 7.x built in filters无法实现,您可以尝试以下选项之一:
在应用程序中创建过滤器
如果向应用程序添加过滤器是一个选项,则可以使用以下代码为每个响应添加标头:
@WebFilter("/*")
public class MyFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
chain.doFilter(request, response);
}
}
在Tomcat中创建自定义阀门
另一种选择是定制阀门.引用此page中的步骤:
Create a Maven Java Application.
Add the following dependency:
06001
Create your Java class and extend it from 07002.
Implement the 07003 method.
Build your library (.jar) file
Install the library in the ${tomcat.home}/lib directory.
Configure the server.xml to use your new valve. For example:
06002
Start the server to see your new valve in action
您的阀门实施可能如下:
public class MyValve extends ValveBase {
@Override
public void invoke(Request request, Response response) throws IOException,
ServletException {
HttpServletResponse httpResponse = response.getResponse();
httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
getNext().invoke(request, response);
}
}
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
