Commit 67010b57480be7654be78d73975e509dc7f75d72

Authored by 王通
1 parent 31c45a80

1.安全加固

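--- a/src/main/java/com/bsth/filter/AccessLogFilter.java
+++ b/src/main/java/com/bsth/filter/AccessLogFilter.java
@@ -37,6 +37,11 @@ public class AccessLogFilter extends BaseFilter {
 HttpServletResponse response, FilterChain chain)
 throws IOException, ServletException {
 
+response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+response.setHeader("Content-Security-Policy", "script-src * 'unsafe-inline' 'unsafe-eval'");
+response.setHeader("X-Download-Options", "noopen");
+response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
+response.setHeader("X-Frame-Options", "sameorigin");
 SysUser user = null;
 if (request.getParameter("token") != null) {
 user = new SysUser();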
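Review bot: The Content-Security-Policy value added at new line 41, `script-src * 'unsafe-inline' 'unsafe-eval'`, permits scripts from any host, inline scripts and `eval`, so it gives essentially no protection against script injection. It also sets no `default-src`, `object-src`, `base-uri` or `frame-ancestors`, which leaves every other resource type unrestricted. A tighter starting point would be `response.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'");`. If the existing pages rely on inline scripts, send it as `Content-Security-Policy-Report-Only` first and relax only what the reports show is needed. These headers are set inside the access-log filter, so they presumably reach only requests mapped to it, and a dedicated response-header filter with a comment such as `// security response headers; keep CSP in sync with front-end script usage` would make the coverage explicit. The enclosing method begins and ends outside this hunk.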