ClickJacking filter to add X-FRAME-OPTIONS in response

Question

ClickJacking filter to add X-FRAME-OPTIONS in response

To allow clickJacking and block my site from opening iframes, I created a servlet filter to which I add the line below to add the response header X-FRAME-OPTIONS. But when I start the page and see the response headers of this page, I never get this header. Any idea why?

public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain ) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse)response; chain.doFilter(request, response); //Specify the mode res.addHeader("X-FRAME-OPTIONS", "DENY"); }

+7

java java-ee servlet-filters

Dev g Jul 07 '12 at 2:15

source share

1 answer

Devon_c_miller · Accepted Answer · 2012-07-07T02:56:23+0000

You need to add a header before calling doFilter . After the return time from doFilter headers and body are already sent, so your addHeader ignored.

ClickJacking filter to add X-FRAME-OPTIONS in response

More articles: