Problem description
I was going through different solutions available for preventing clickjacking in a Grails application. One of the solutions was using X-Frame. So, I found a Grails plugin, X-Frame-Options Plugin, by mrhaki.
It is serving my purpose of adding a response header to every response. Great!
I read there was a modern solution - Content-Security-Policy header. I'm unable to configure this for my Grails application. Could someone help?
Recommended answer
The X-Frame-Options plugin is simple and inserts a servlet filter to add a header to requests. For your situation I'd recommend creating your own servlet filter to add the Content-Security-Policy headers.
You can see an example here of how to add a header: https://github.com/mrhaki/grails-x-frame-options-plugin/blob/df230a9f01cd2e1c6ac4be6d9eac41fbcae48293/src/main/groovy/com/mrhaki/grails/plugin/xframeoptions/web/XFrameOptionsFilter.groovy#L69
Another option would be to use your web server in front of your app (Apache httpd or nginx) to add the headers.
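A servlet filter of the kind the answer recommends, as an added example that is not part of the original answer or of the plugin's code. The package name, class name, the `policy` init parameter and the default policy value are assumptions chosen for illustration.

```groovy
// src/groovy/com/example/web/ContentSecurityPolicyFilter.groovy (hypothetical path)
package com.example.web

import javax.servlet.*
import javax.servlet.http.HttpServletResponse

/**
 * Adds a Content-Security-Policy header to every HTTP response.
 * frame-ancestors is the CSP directive that controls who may frame the page:
 * 'none' forbids all framing, 'self' allows same-origin framing only.
 *
 * Registration (assumption: Grails 2.x, web.xml edited after running
 * `grails install-templates`, which creates src/templates/war/web.xml):
 * declare a <filter> for this class and a <filter-mapping> with
 * <url-pattern>/*</url-pattern>.
 */
class ContentSecurityPolicyFilter implements Filter {

    static final String HEADER = 'Content-Security-Policy'
    static final String DEFAULT_POLICY = "frame-ancestors 'none'"  // assumed default

    private String policy = DEFAULT_POLICY

    @Override
    void init(FilterConfig filterConfig) throws ServletException {
        // Optional <init-param> named "policy" (hypothetical) overrides the default.
        String configured = filterConfig.getInitParameter('policy')?.trim()
        if (configured) {
            // A line break inside a header value would corrupt the response headers.
            if (configured.contains('\r') || configured.contains('\n')) {
                throw new ServletException('policy must not contain line breaks')
            }
            policy = configured
        }
    }

    @Override
    void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Set the header before the chain runs: once the response is
            // committed, later header changes are ignored by the container.
            ((HttpServletResponse) response).setHeader(HEADER, policy)
        }
        chain.doFilter(request, response)
    }

    @Override
    void destroy() { }
}
```

After deploying, confirm the header on both a normal page and an error page (for example with `curl -I`), since error responses are the ones most often missed by a filter mapping.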