user6549549
Reputation:
How to set x frame option in tomcat
As I found it can be easily set in Apache server: x-frame-options=allow in httpd-conf file
but how about tomcat? I am working with a version 7.0.57
Upvotes: 7
Views: 41524
Answers (3)
Max Yao
Reputation: 731
after tomcat 7.0.63
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
For filter-mapping part I have added.
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Upvotes: 5
Andrew Lygin
Reputation: 6197
In Tomcat you need to use filters for that:
First, implement your own Filter. Something like this:
public class XFrameHeaderFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException {
((HttpServletResponse) resp).setHeader("x-frame-options", "allow");
chain.doFilter(req, resp);
}
}
Second, make this filter a part of your web.xml:
<filter>
<filter-name>x-frame-header</filter-name>
<filter-class>XFrameHeaderFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>x-frame-header</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Upvotes: 9
Related Questions
- Add JVM options in Tomcat
- tomcat X-Frame-Options or antiClickJackingEnabled
- X-Frame-Options Header Not Set in Apache Tomcat 8.5.9
- Set a basic Java option on Tomcat
- Conditionally set X-Frame-Option
- X-Frame-Options are not working correct for me
- Where add x-frame-options :sameorigin , in JSP , JAVA,WEB.xml , where?
- Xframe option in tomcat 7
- How do I set X-Frame-Options as response header in angularJS?
- Is X-Frame-Option configured on server side in tomcat 5.5.33 possible? If so how?