springboot 响应头 增加X-Frame-Options
时间: 2024-01-06 17:25:02 浏览: 55
在Spring Boot中,你可以通过添加自定义过滤器来设置响应头中的X-Frame-Options字段。下面是两种方法:
方法一:使用@WebFilter注解
```java
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@WebFilter(urlPatterns = "/*")
public class XFrameOptionsFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
chain.doFilter(request, response);
}
}
```
方法二:使用FilterRegistrationBean注册过滤器
```java
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Filter;
@Configuration
public class XFrameOptionsConfig {
@Bean
public FilterRegistrationBean<XFrameOptionsFilter> xFrameOptionsFilter() {
FilterRegistrationBean<XFrameOptionsFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new XFrameOptionsFilter());
registrationBean.addUrlPatterns("/*");
return registrationBean;
}
}
```
这两种方法都会在每个请求的响应头中添加X-Frame-Options字段,并将其值设置为SAMEORIGIN,以防止页面被嵌套到其他网站的iframe中。