| | |
|---|
| | | resp.addHeader("X-XSS-Protection","1; mode=block"); |
|---|
| | | resp.addHeader("X-Download-Options","noopen"); |
|---|
| | | resp.addHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload");*/ |
|---|
| | | resp.setHeader("X-Frame-Options","SAMEORIGIN"); |
|---|
| | | //resp.setHeader("X-Frame-Options","SAMEORIGIN"); |
|---|
| | | resp.setHeader("Referrer-Policy","origin"); |
|---|
| | | resp.setHeader("Content-Security-Policy","object-src 'self'"); |
|---|
| | | resp.setHeader("X-Permitted-Cross-Domain-Policies","master-only"); |
|---|
| | |
|---|
| | | resp.setHeader("X-Download-Options","noopen"); |
|---|
| | | resp.setHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload"); |
|---|
| | | |
|---|
| | | |
|---|
| | | //单页面应用,只允许一个页面index.html |
|---|
| | | String servletPath = req.getServletPath(); |
|---|
| | | if(servletPath.contains(".html")){ |
|---|
