
In a Java web project, the HTML files are placed under WebRoot. How can I intercept requests for those HTML files?

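My main goal is to set a response header:
I want to add "X-Content-Type-Options" to the response headers.
But the HTML under WebRoot is accessed directly, and there is no response either?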

Answer

You can enable a Filter in web.xml, for example:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
             version="3.1">

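      <!-- Tomcat's built-in filter that adds HSTS, X-Frame-Options,
           X-Content-Type-Options and X-XSS-Protection response headers -->
      <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>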
        <init-param>
          <param-name>hstsEnabled</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>hstsMaxAgeSeconds</param-name>
          <param-value>2592000</param-value>
        </init-param>
        <init-param>
          <param-name>hstsIncludeSubDomains</param-name>
          <param-value>true</param-value>
        </init-param>      
        <init-param>
          <param-name>antiClickJackingEnabled</param-name>
          <param-value>true</param-value>
        </init-param>     
        <init-param>
          <param-name>antiClickJackingOption</param-name>
          <param-value>SAMEORIGIN</param-value>
        </init-param>  
        <init-param>
          <param-name>blockContentTypeSniffingEnabled</param-name>
          <param-value>true</param-value>
        </init-param>  
        <init-param>
          <param-name>xssProtectionEnabled</param-name>
          <param-value>true</param-value>
        </init-param> 
      </filter>
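      <!-- Removed: a stray <init-param> (cors.allowed.origins = /*) stood here, directly under <web-app>.
           <init-param> is only valid inside <filter> or <servlet>, and cors.allowed.origins is a
           parameter of org.apache.catalina.filters.CorsFilter, which this file does not declare. -->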
      <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>  
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <filter>
        <filter-name>ExpiresFilter</filter-name>
        <filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class>
        <init-param>
          <param-name>ExpiresDefault</param-name>
          <param-value>access plus 1 days</param-value>
        </init-param>
      </filter>

      <filter-mapping>
        <filter-name>ExpiresFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      
      <error-page>
        <location>/index.html</location>
      </error-page>
    </web-app>

The blockContentTypeSniffingEnabled parameter of HttpHeaderSecurityFilter corresponds to the
X-Content-Type-Options value you want, which can be nosniff and so on.

Reference:
https://stackoverflow.com/que…
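
For a container that does not ship Tomcat's HttpHeaderSecurityFilter, a small servlet filter can set the same header on static HTML served from the web root. This is an added example, not part of the original answer; the package, class and filter names are hypothetical, and it assumes the javax.servlet API that matches the web-app 3.1 descriptor above with annotation scanning left enabled.

```java
package com.example.security; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Filters run before the container's default servlet, so static files under
// the web root pass through here even though no application servlet handles them.
@WebFilter(filterName = "noSniffFilter", urlPatterns = {"*.html", "*.htm"})
public class NoSniffFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // Set the header BEFORE chain.doFilter(): the default servlet may commit
            // the response while streaming the file, and headers set on a committed
            // response are silently ignored.
            if (!http.isCommitted()) {
                http.setHeader("X-Content-Type-Options", "nosniff");
            }
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

To confirm the filter is active, request one of the HTML pages and check that the response headers include `X-Content-Type-Options: nosniff`.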
