2. 程式人生 > >Refused to display in a frame because it set 'X-Frame-Options' to 'DENY'的解決辦法

Refused to display in a frame because it set 'X-Frame-Options' to 'DENY'的解決辦法

阿新 發佈:2018-12-26

今天遇到了iframe模式上傳圖片或者iframe巢狀頁面時,會報如下異常資訊:“Refused to display in a frame because it set 'X-Frame-Options' to 'DENY' 這個問題找了好久資料,好多種解決方法:

一、

response.setHeader("X-Frame-Options", "SAMEORIGIN");// 解決IFrame拒絕的問題

二、tomcat的配置檔案web.xml下新增filter

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>

<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

上面這兩種方法好像都不管用!

三、

<security:http auto-config="true" use-expressions="true">
    <security:headers>
        <security:frame-options policy="SAMEORIGIN"/>
    </security:headers>

 四、寫一個類繼承WebSecurityConfigurerAdapter,設定引數

package cn.wzz.web;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) //開啟security註解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	// 關掉csrf的功能
    	http.csrf().disable();
    	// 跨域的問題
    	http.headers().frameOptions().disable();
    	
//        http.authorizeRequests()
        		//允許所有使用者訪問"/"和"/uploadFile"
//                .antMatchers("/uploadFile").permitAll()
                //其他地址的訪問均需驗證許可權
//                .anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .loginPage("/login")  //指定登入頁是"/login"
//                .defaultSuccessUrl("/list")  //登入成功後預設跳轉到"list"
//                .permitAll()
//                .and()
//                .logout()
//                .logoutSuccessUrl("/home")  //退出登入後的預設url是"/home"
//                .permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        //解決靜態資源被攔截的問題
        web.ignoring().antMatchers("/static/**");
    }
}

 

這其實也是跨域問題的一種,介紹跨域問題的文章有兩篇不錯的   ==》

一個是思否上的:《不要再問我跨域的問題了》

一個是:《跨域問題出現原因和解決方案》

相關推薦

Refused to display in a frame because it set &#39;X-Frame-Options&#39; to &#39;DENY&#39;的解決辦法

今天遇到了iframe模式上傳圖片或者iframe巢狀頁面時,會報如下異常資訊:“Refused to display in a frame because it set 'X-Frame-Options' to 'DENY' 這個問題找了好久資料,好多種解決方法: 一、 response.

spring boot 異常Refused to display in a frame because it set 'X-Frame-Options' to 'DENY'

spring boot專案,請求回來,響應頭中X-Frame-Options被設定為DENY,如下圖 這個會導致使用iframe模式上傳圖片或者iframe巢狀頁面時,會報如下異常資訊: Refused to display in a frame bec

【GP的空間】EveryBody in the world should learn how to program a computer...because it teaches you how to think. \n --Steve Jobs

GP的空間 EveryBody in the world should learn how to program a computer...because it teaches you how to think....

mac安裝mysql5.7 Your password has expired. To log in you must change it using a cl...

問題描述:Your password has expired. To log in you must change it using a client that supports expired passwords. 解決辦法:root許可權登入mysql:mysql -uroot

mysql5.7.24啟動報錯:ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

報錯原因是:密碼過期。不管你是剛剛修改密碼還是什麼,只要登陸都是有問題的,都是報這樣子的錯誤。 解決方法是: 1、修改/etc/my.cnf檔案,在[mysqld]下加入“skip-grant-tables”。 2、重啟mysql伺服器 3、登陸mysql [[email prote

Bitcoin can push global warming above 2 degrees C in a couple decades: It alone could produce enough emissions to raise global t

"Bitcoin is a cryptocurrency with heavy hardware requirements, and this obviously translates into large electricity demands," said Randi Rollins, a master

MySQL5.7出現Your password has expired. To log in you must change it using a client that supports expir

簡介 今天晚上本來想寫bootstrap-fileinput外掛整合fastdfs的文章,但是剛啟動idea裡面的QiYuAdmin就出現了錯誤: Your password has expired. To log in you must change it

【MySQL】MySQL 5.7 "Your password has expired.To log in you must change it using a client that suppor"

解決辦法1:更新密碼: set password=password('password'); 解決辦法2:禁用密碼有效期 ALTER USER 'root'@localhost' PASSWORD EXPIRE INTERVAL 90 DAYS; ALTER USER

java.sql.SQLException: Your password has expired. To log in you must change it using a client that s

java.sql.SQLException: Your password has expired.To log in you must change it using a client that supports expired passwords. com.mysql.jdbc.exceptions.j

Your password has expired. To log in you must change it using a client that supports expired passwor

開啟 命令列 /usr/local/mysql/bin/mysqladmin -u root -p password 提示輸入按照後的那個密碼 輸入完成後 提示輸入新的密碼 Enter pass

ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supp

解決辦法: 先通過跳過授權表的方式啟動資料庫: mysqld_safe --user=mysql--datadir=/data/mysql --skip-grant-tables --skip-networking & 這樣就可以免密碼登入了。 然後修改該使用者密

Reasons To Invest In A Mini Self Loading Concrete Mixer

Were you aware that you will discover miniature self loading concrete mixers at very affordable prices from many manufacturers thro

The Most Notable Reasons To Invest In A Hollow Concrete Block Making Machine

Do you need a perception for any business which includes the possible to earn a lot of profit? Do you need to have the capacity to

Ask HN: What would you like to learn in a programming school in your town?

I've been thinking on a way to help my local community, of beginners or really anyone that wants to learn how to be a programmer, to grow.Opening a small s

Ask HN: What would you expect to see in a programming language website?

I am creating a website template for a programming language.What features or characteristics do you expect to see in a programming language site? Are there

匯出問題,Length of cell contents (text) 32,767 characters. Only 1,024 display in a cell; all 32,767 di

今天做匯出的時候發現一個問題,資料沒有匯出,在後臺發現  看日誌 Length of cell contents (text)   32,767 characters. Only 1,024 display in a cell; all 32,767 di excel表格的

Troubleshoot Issues Passing DHCP Parameters to Instances in a VPC

Amazon Web Services is Hiring. Amazon Web Services (AWS) is a dynamic, growing business unit within Amazon.com. We are currently hiring So

hibernate的報錯資訊a different object with the same identifier value was already associated with the session解決辦法

廢話不多說,直接說原因,這是在hibernate中,有2個相同型別的實體類具有同樣的主鍵識別符號,然後呼叫update或者呼叫saveOrUpdate,我朋友出這個錯的由於他想要update一條資料時,獲取主鍵時從資料庫查詢獲取,此時接收的物件的主鍵id是12,吧這個值賦給要更新入參的物件,2個物件的主鍵就都

關於ADB push 出現failed to copy &#39;D:\file.xtxt&#39; to &#39;/system/temp/&#39; : Read-only file system 的報錯資訊解決辦法

首先使用USB連線電腦與小機,然後安裝adb相應的驅動,這是第一步,也是必須要做的。 進入doc系統後,敲入adb shell  可以進入linux命令列狀態,說明adb可以使用了。 回到標題,我們現在要講的是adb push命令的使用。如果你的linux也安裝有adb命令的話,可以使用adb

A start job is running for Ralse network interfaces (*min *s / 5min 2s)問題解決辦法

解決辦法(指令):1.>    sudo vim /etc/systemd/system/network-online.target.wants/networking.service    2.>    (輸入你的root許可權密碼)    3.>    (