Add the following to the filter's doFilter method:
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
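HttpSession session = req.getSession(false);
if (session != null) { // fixes "Cookie is missing the HttpOnly attribute"; assumes the container's default session cookie name, JSESSIONID
    res.addHeader("Set-Cookie", "JSESSIONID=" + session.getId() + "; Path=/; HttpOnly");
}
res.addHeader("X-Frame-Options", "SAMEORIGIN"); // fixes "X-Frame-Options header is missing"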
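
The same two fixes as a complete filter, generalized so that every cookie the application writes gets HttpOnly rather than one hand-built header. This is an added example, not code from the original page; it assumes the javax.servlet API (Servlet 3.0 or later), and the class names SecurityHeaderFilter and HttpOnlyResponse are hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: assumes javax.servlet (Servlet 3.0+); class names are hypothetical.
public class SecurityHeaderFilter implements Filter {
    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        // Set before the chain runs so the header is present even if the response commits early.
        res.setHeader("X-Frame-Options", "SAMEORIGIN");
        chain.doFilter(request, new HttpOnlyResponse(res));
    }

    // Wrapper that marks every cookie written by downstream code as HttpOnly.
    static class HttpOnlyResponse extends HttpServletResponseWrapper {
        HttpOnlyResponse(HttpServletResponse res) { super(res); }

        @Override
        public void addCookie(Cookie cookie) {
            cookie.setHttpOnly(true);
            super.addCookie(cookie);
        }

        @Override
        public void addHeader(String name, String value) {
            super.addHeader(name, harden(name, value));
        }

        @Override
        public void setHeader(String name, String value) {
            super.setHeader(name, harden(name, value));
        }

        // Append HttpOnly to a raw Set-Cookie value that lacks it; leave other headers alone.
        static String harden(String name, String value) {
            if (value == null || !"Set-Cookie".equalsIgnoreCase(name)) return value;
            return value.toLowerCase(Locale.ROOT).contains("httponly") ? value : value + "; HttpOnly";
        }
    }
}
```

The container may write its own session cookie without passing through this wrapper; for that cookie, set `<http-only>true</http-only>` under `<session-config><cookie-config>` in web.xml.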