一.谷歌瀏覽器訪問正常,ie卻不行,在新窗口卻是又能打開的
在同一個頁面里面有新的地址,這個不就是iframe技術嘛,ie不支持使用ALLOW-FROM *,修改為SAMEORIGIN
1.自己框架的
global-config.xml
<property name="parameter.x-frame-options" value="ALLOW-FROM *" />
<property name="parameter.x-frame-options" value="SAMEORIGIN" />
ALLOW-FROM *在ie瀏覽器中是不允許使用的
2.其他方式
方法一:修改tomcat配置文件
打開Tomcat配置文件(conf\web.xml)搜索 httpHeaderSecurity有兩處地方
<!--第一處將注釋放開-->
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<!--新增內容-->
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<!--第二處-->
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
方法二:在項目過濾器中添加Header
@Override
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
HttpServletResponse resp = (HttpServletResponse) response;
resp.setHeader("x-frame-options","x-frame-options");
}
方法三:在jsp的公共頁面添加java代碼。(其實跟第二種一樣)
<%
response.setHeader("x-frame-options","x-frame-options");
%>