JAVAWEB项目报"xxx响应头缺失“漏洞处理方案

新增一个拦截器,在拦截器doFilter()方法增加以下代码

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
        //增加响应头缺失代码
        HttpServletRequest req=(HttpServletRequest)request;
        HttpServletResponse res=(HttpServletResponse)response;
        res.addHeader("X-Frame-Options","SAMEORIGIN");
        res.addHeader("Referer-Policy","origin");
        res.addHeader("Content-Security-Policy","object-src 'self'");
        res.addHeader("X-Permitted-Cross-Domain-Policies","master-only");
        res.addHeader("X-Content-Type-Options","nosniff");
        res.addHeader("X-XSS-Protection","1; mode=block");
        res.addHeader("X-Download-Options","noopen");
 
        //处理cookie问题
        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String value = cookie.getValue();
                StringBuilder builder = new StringBuilder();
                builder.append(cookie.getName()+"="+value+";");
                builder.append("Secure;");//Cookie设置Secure标识
                builder.append("HttpOnly;");//Cookie设置HttpOnly
                res.addHeader("Set-Cookie", builder.toString());
            }
 
        }
 
            chain.doFilter(request, response);
 
    }

  

posted @   yvioo  阅读(3522)  评论(0编辑  收藏  举报
编辑推荐:
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
阅读排行:
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· DeepSeek 开源周回顾「GitHub 热点速览」
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
点击右上角即可分享
微信分享提示