java - ClickJacking Filter to add X-FRAME-OPTIONS in response
In order to tackle clickjacking by blocking the site from being opened in an iframe, I have created a servlet filter, adding the line below to add the "X-Frame-Options" response header. When I run the page and look at its response headers, the header is never in there. Any idea why?
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        chain.doFilter(request, response);
        // specify mode
        res.addHeader("X-Frame-Options", "DENY");
    }
You need to add the header before calling doFilter. By the time control returns from doFilter, the headers and body have been sent, so addHeader is ignored.
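The ordering fix described in the answer, as an added example that is not part of the original post. The class name `FrameOptionsFilter` is hypothetical, and the code assumes the `javax.servlet` API (Servlet 3.x); on Jakarta EE 9 and later the package is `jakarta.servlet`. It also checks `isCommitted()` so that a filter placed too late in the chain is logged rather than failing silently.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; register it in web.xml or with @WebFilter as usual.
public class FrameOptionsFilter implements Filter {

    private FilterConfig config;

    @Override
    public void init(FilterConfig filterConfig) {
        this.config = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse res = (HttpServletResponse) response;
            if (res.isCommitted()) {
                // Something earlier in the chain already flushed the response;
                // a header set now would be dropped, so record it instead.
                config.getServletContext().log("X-Frame-Options not set: response already committed");
            } else {
                // setHeader replaces any existing value, so only one header is sent.
                res.setHeader("X-Frame-Options", "DENY");
            }
        }
        // Only now hand over to the rest of the chain, which may write and commit the response.
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        config = null;
    }
}
```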