How to set x frame parameter in tomcat

Question

How to set x frame parameter in tomcat

As I understand it, it can be easily installed on the Apache server: x-frame-options = allow in the httpd-conf file

but what about tomcat? I am working with version 7.0.57

+4

tomcat

user6549549 Jul 05 '16 at 4:39

source share

3 answers

In Tomcat, you need to use filters for this:

First create your own Filter. Something like that:

public class XFrameHeaderFilter implements Filter {
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException {
        ((HttpServletResponse) resp).setHeader("x-frame-options", "allow");
        chain.doFilter(req, resp);
    }
}

Secondly, make this filter part of your web.xml:

<filter>
  <filter-name>x-frame-header</filter-name>
  <filter-class>XFrameHeaderFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>x-frame-header</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

+5

Andrew Lygin Jul 05 '16 at 5:03

source share

after tomcat 7.0.63

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

For the filter-filter part, I added.

<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

0

Max yao Apr 13 '18 at 1:28

source share

Kevin li · Accepted Answer · 2016-07-05T10:34:27+0000

Tomcat only supports the configuration from version 7.0.63 above.

How to set x frame parameter in tomcat

More articles: