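Background:
The security team's code scan reported a vulnerability: the X-Frame-Options response header must be added to prevent site hijacking (clickjacking, where another site loads the pages in a frame).
Spring Boot: to set the response header globally, simply create the following class: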

    package com.app.healthyCheck.Config;

    import org.springframework.stereotype.Component;
    import org.springframework.web.filter.OncePerRequestFilter;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;

    // Registered as a bean, so Spring Boot applies this filter to every request.
    @Component
    public class AddResponseHeaderFilter extends OncePerRequestFilter {

        // Prevent site hijacking: only pages from the same origin may frame the response.
        @Override
        protected void doFilterInternal(HttpServletRequest httpServletRequest,
                                        HttpServletResponse httpServletResponse,
                                        FilterChain filterChain) throws ServletException, IOException {
            // setHeader replaces any value already present; addHeader would append
            // a second X-Frame-Options line if the header had been set earlier.
            httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
            // The header is set before the rest of the chain writes the response.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

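To confirm the filter is doing its job after deployment, the following added example (not part of the original post) audits a raw HTTP response for a missing, duplicated, conflicting or invalid X-Frame-Options header, which can happen when more than one component writes it. The function names and the sample responses are constructed for illustration.

```python
from typing import List, Tuple

# The two directives browsers honour for X-Frame-Options.
VALID_DIRECTIVES = {"DENY", "SAMEORIGIN"}


def parse_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP/1.1 response."""
    headers = []
    for line in raw_response.split("\r\n")[1:]:  # skip the status line
        if line == "":  # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_x_frame_options(raw_response: str) -> List[str]:
    """Return a list of findings; an empty list means the header is sound."""
    values = [v.upper() for n, v in parse_headers(raw_response)
              if n == "x-frame-options"]
    if not values:
        return ["missing"]
    findings = []
    if len(values) > 1:
        findings.append("duplicate")
    # Intermediaries may fold repeated headers into one comma-separated line.
    tokens = [t.strip() for v in values for t in v.split(",")]
    if len(set(tokens)) > 1:
        findings.append("conflicting")
    if any(t not in VALID_DIRECTIVES for t in tokens):
        findings.append("invalid-value")
    return findings


# Constructed sample responses (not captured from a real system).
GOOD = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>"
MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
DOUBLED = ("HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN\r\n"
           "X-Frame-Options: DENY\r\n\r\n")
FOLDED = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, DENY\r\n\r\n"
BAD_VALUE = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n\r\n"

if __name__ == "__main__":
    for label, resp in [("good", GOOD), ("missing", MISSING),
                        ("doubled", DOUBLED), ("folded", FOLDED),
                        ("bad value", BAD_VALUE)]:
        print(label, audit_x_frame_options(resp))
```
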
Spring Cloud: setting the response header globally:
Simply configure a filter at the gateway layer, that is, create the following class in the gateway: