本文介绍了在JBoss EAP 7中配置Http标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您是否知道是否存在配置JBoss EAP 7发送给客户端的Http标头的标准方法?我主要对能够配置以下内容感兴趣:

Do you know if there is a standard way to configure the Http Headers that JBoss EAP 7 sends to the client?I am mainly interested in being able to configure the following ones:

  • X-XSS-保护
  • X-Frame-Options
  • 严格的运输安全性
  • 内容安全政策
  • X-Content-Type-Options

我在互联网上找到了此链接

I found this link on the internet

https://blog.akquinet.de/2017/08/03/wildfly-8-10-and-jboss-eap-7-verbose-http-headers/

但是我不确定是否可以将其用于我感兴趣的标题.

but I am not sure whether I can use it for the headers I am interested in.

谢谢!

推荐答案

根据JBoss EAP 7文档:

As per the JBoss EAP 7 documentation:

Undertow(在JBoss EAP 7中替代了JBoss Web)不支持阀门.但是,您应该能够通过使用Undertow处理程序来实现类似的功能. Undertow包含许多提供通用功能的内置处理程序.它还提供了创建自定义处理程序的功能,可用于替换自定义阀门功能.

Undertow, which replaces JBoss Web in JBoss EAP 7, does not support valves; however, you should be able to achieve similar functionality by using Undertow handlers. Undertow includes a number of built-in handlers that provide common functionality. It also provides the ability to create custom handlers, which can be used to replace custom valve functionality.

对于复杂的情况,您仍然可以采用这种方法,但是现在,在使用Undertow时,添加响应标头得到了简化,因为您可以将自定义标头添加到JBoss Undertow子系统中,因此您的过滤器部分将有所不同:

You can still go this route for complex situations however now in utilizing Undertow add response headers been simplified as you can just add custom headers to the JBoss Undertow Subsystem, you're filters section will change from this:

<filters>
    <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
    <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>


为此:

<filters>
    <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
    <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
    <!-- Begin custom Headers -->
    <response-header name="x-xss-protection" header-name="X-XSS-Protection" header-value=""/>
    <response-header name="x-frame-options" header-name="X-Frame-Options" header-value=""/>
    <response-header name="strict-transport-security" header-name="Strict-Transport-Security" header-value=""/>
    <response-header name="content-security-policy" header-name="Content-Security-Policy" header-value=""/>
    <response-header name="x-Content-type-options" header-name="X-Content-Type-Options" header-value=""/>
</filters>

我将由其他所有人决定要为标题放置的值(在复制/粘贴期间保存一些编辑操作)

I'll leave it up to everyone else to determine the values they'd like to place for the headers (save some editing during copy/paste)

这篇关于在JBoss EAP 7中配置Http标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-19 10:21