新增一個攔截器(即 Servlet Filter),在其 doFilter() 方法中增加以下代碼:
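/**
 * Adds a fixed set of security response headers, re-issues every cookie sent with the
 * request with the {@code Secure} and {@code HttpOnly} attributes, and then passes the
 * request on to the rest of the filter chain.
 *
 * <p>All headers are added before {@code chain.doFilter} is called, i.e. before any
 * downstream component writes to the response.
 *
 * @param request the incoming request; cast to {@link HttpServletRequest} without a type check
 * @param response the outgoing response; cast to {@link HttpServletResponse} without a type check
 * @param chain the remaining filter chain, always invoked
 * @throws IOException if a downstream filter or the target resource fails with an I/O error
 * @throws ServletException if a downstream filter or the target resource fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    // Security response headers.
    // addHeader() is kept on purpose: if an upstream component already sent a
    // Content-Security-Policy, a second CSP header is enforced in addition to it,
    // while setHeader() would replace it with this narrower one.
    res.addHeader("X-Frame-Options", "SAMEORIGIN");
    // The header name is "Referrer-Policy" (double "r"). The original "Referer-Policy"
    // is not a recognised header, so browsers ignored it and no policy was applied.
    res.addHeader("Referrer-Policy", "origin");
    // Only plugin content (object-src) is restricted here; scripts, styles and framing
    // are not covered by this policy.
    res.addHeader("Content-Security-Policy", "object-src 'self'");
    res.addHeader("X-Permitted-Cross-Domain-Policies", "master-only");
    res.addHeader("X-Content-Type-Options", "nosniff");
    // NOTE(review): X-XSS-Protection drives the legacy browser XSS auditor, which
    // current browsers no longer ship; confirm this header is still wanted.
    res.addHeader("X-XSS-Protection", "1; mode=block");
    res.addHeader("X-Download-Options", "noopen");

    // Cookie hardening: echo each request cookie back with Secure and HttpOnly.
    // NOTE(review): a request carries only cookie names and values, so the re-issued
    // cookie has no Path, Domain, Max-Age or SameSite attribute and the browser falls
    // back to its defaults for them. Cookies that the application creates for the
    // first time in this response are not touched, and HttpOnly is applied to every
    // cookie, including any that client-side script needs to read. Setting these flags
    // where each cookie is created (for the session cookie, the container's session
    // cookie configuration) is the more reliable place for them.
    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            // The value is copied from the request as received, without validation.
            StringBuilder builder = new StringBuilder();
            builder.append(cookie.getName()).append('=').append(cookie.getValue()).append(';');
            builder.append("Secure;");   // only send the cookie over HTTPS
            builder.append("HttpOnly;"); // hide the cookie from document.cookie
            res.addHeader("Set-Cookie", builder.toString());
        }
    }

    chain.doFilter(request, response);
}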