
Handling "xxx response header missing" vulnerability findings in a Java web project

Date: 2019-10-07 16:10:22


Add a new filter and put the following code in its doFilter() method:

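// Imports needed by the filter class that contains this method
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		// Add the response headers that were reported as missing
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		res.addHeader("X-Frame-Options", "SAMEORIGIN");
		// The header name is spelled "Referrer-Policy"; browsers ignore "Referer-Policy"
		res.addHeader("Referrer-Policy", "origin");
		// CSP keywords take plain ASCII single quotes
		res.addHeader("Content-Security-Policy", "object-src 'self'");
		res.addHeader("X-Permitted-Cross-Domain-Policies", "master-only");
		res.addHeader("X-Content-Type-Options", "nosniff");
		res.addHeader("X-XSS-Protection", "1; mode=block");
		res.addHeader("X-Download-Options", "noopen");

		// Handle the cookie findings: re-issue each request cookie with the flags set.
		// The re-issued cookie carries only name=value, so it has no Path or expiry attributes.
		Cookie[] cookies = req.getCookies();
		if (cookies != null) {
			for (Cookie cookie : cookies) {
				String value = cookie.getValue();
				StringBuilder builder = new StringBuilder();
				builder.append(cookie.getName() + "=" + value + ";");
				builder.append("Secure;"); // set the Secure flag on the cookie
				builder.append("HttpOnly;"); // set the HttpOnly flag on the cookie
				res.addHeader("Set-Cookie", builder.toString());
			}
		}

		chain.doFilter(request, response);
	}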
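
One way to set the cookie flags at the point where the application writes a cookie, instead of re-issuing request cookies, shown as an added example that is not code from the original article: a response wrapper that adds `Secure` and `HttpOnly` to every cookie set downstream of the filter while keeping its Path and expiry. The class name `SecureCookieResponseWrapper` is hypothetical, and `javax.servlet` 3.0 or later is assumed.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Added example; the class name is hypothetical and javax.servlet 3.0+ is assumed.
// Use from doFilter(): chain.doFilter(request, new SecureCookieResponseWrapper(res));
public class SecureCookieResponseWrapper extends HttpServletResponseWrapper {

    public SecureCookieResponseWrapper(HttpServletResponse response) {
        super(response);
    }

    // Cookies created through the Servlet API keep their Path, Max-Age, etc.
    @Override
    public void addCookie(Cookie cookie) {
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        super.addCookie(cookie);
    }

    // Cookies written as raw Set-Cookie headers get any missing flag appended.
    @Override
    public void addHeader(String name, String value) {
        super.addHeader(name, harden(name, value));
    }

    @Override
    public void setHeader(String name, String value) {
        super.setHeader(name, harden(name, value));
    }

    static String harden(String name, String value) {
        if (value == null || !"Set-Cookie".equalsIgnoreCase(name)) {
            return value;
        }
        boolean secure = false;
        boolean httpOnly = false;
        String[] parts = value.split(";");
        for (int i = 1; i < parts.length; i++) { // parts[0] is name=value
            String attr = parts[i].trim();
            secure |= attr.equalsIgnoreCase("Secure");
            httpOnly |= attr.equalsIgnoreCase("HttpOnly");
        }
        StringBuilder out = new StringBuilder(value.replaceAll("[;\\s]+$", ""));
        if (!secure) out.append("; Secure");
        if (!httpOnly) out.append("; HttpOnly");
        return out.toString();
    }
}
```

The session cookie (JSESSIONID) is written by the container itself and does not pass through the wrapper; its flags are set with `<cookie-config>` under `<session-config>` in web.xml.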

  


Original article: https://www.cnblogs.com/pxblog/p/11630736.html
