I am new in web application, I'm facing issue of clickjacking in my web app which can be deployed on Oracle Weblogic and IBM WebSphere and not using any HHTP server.
To prevent from clickjacking I got to know about X-Frame-Options to set on response header.
I get some information from X-Frame-Options how to set on HTTP server, but there were nothing specific to application server setting related to same.
I have following question -
1- Do we need a Web server to configure X-Frame-Options?
2- How to configure X-Frame-Options on Oracle Weblogic and IBM WebSphere
答案 0 :(得分:1)
您可以使用HTTPServletResponse.setHeader()
在任何servlet,jsp,servlet过滤器等中设置这些响应头。大多数HTTP代理服务器也可以操纵响应头,但这不是必需的。
WebSphere不会为您提供仅配置的方式来定制标题。