从 Spring 3.2 开始,我只需将其添加到我的安全xml:
<security:headers>
<security:frame-options
policy="SAMEORIGIN" />
</security:headers>
但 Spring版本3.1 不支持此功能,无需升级版本的任何解决方法?
这是3.1版的文档:
http://docs.spring.io/spring-security/site/docs/3.1.3.RELEASE/reference/springsecurity.html
答案 0 :(得分:1)
我相信// here make a SQL query (only one query is enough)
// on your database, for example :
$dates = array();
$q = "SELECT * FROM `events`";
if($res = $pdo->query($q) {
if($res = $res->fetchAll(PDO::FETCH_OBJ)) {
if(sizeof($res) > 0) {
foreach($res as $k => $d) {
$events[$d['date_start']] = $d;
}
}
}
}
echo "<tr>";
for ($i = 1; $i < $numDays + 1; $i++, $counter++) {
$timeStamp = strtotime ("$year-$month-$i");
if($i == 1){
$firstDay = date ("w", $timeStamp);
for ($j = 0; $j < $firstDay; $j++, $counter++) {
echo "<td> </td>"; //blank space
}
}
if($counter % 7 == 0 ) {
echo "<tr></tr>";
}
if (date("Y-m-d", $timeStamp) == date("Y-m-d")) {
$class = "today-date ";
}
if (array_key_exists(date("Y-m-d"), $events)) {
$class .= "event-date ";
}
// 1. solution based on your code
echo "<td class=\"$class\"><a href=\"\">$i</a></td>";
// 2. alternative with events in each day :
echo "<td class=\"$class\">";
if(sizeof($eventsOfTheDay = $events[$d['date_start']]) > 0 {
foreach($eventsOfTheDay as $k => $event) {
echo '<a href=?event_id="', $event['id'], '">', $event['name'], '</a><br>';
}
}
echo "</td>";
}
echo "</tr>";
实现了此配置背后的逻辑。它是在Spring 3.2中引入的,在该版本之前没有类似的东西。
如果您想自己实现,可以使用简单的过滤器:
XFrameOptionsHeaderWriter您需要在应用程序上下文中为此类创建一个bean:
public class XFrameOptionsHeaderFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
filterChain.doFilter(request, response);
}
}
然后在<bean id="xFrameOptionsHeaderFilter" class="your.package.XFrameOptionsHeaderFilter"/>
:
web.xml