如何在 WSO2 5.4.1 中启用 X-Frame-Options?
How to enable X-Frame-Options in WSO2 5.4.1?
我尝试按照文档中的说明配置我的 jaggery.conf 文件以允许如下框架:
"filters":[
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [
{"name" : "hstsEnabled", "value" : "false"},
{ "name": "antiClickJackingOption", "value": "SAMEORIGIN" }
]
},
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params":[
{"name": "patterns", "value": "text/html\" ,application/json\" ,plain/text"},
{"name": "filterAction", "value": "enforce"},
{"name": "httpHeaders", "value": "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
}
],
尽管如此,在我的客户端应用程序中,我仍然收到一条消息,指出不允许使用框架。
Load denied by X-Frame-Options: https://localhost:9444/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=Registered+callback+does+not+match+with+the+provided+url. does not permit framing.
由于此问题来自 authenticationendpoint,您必须按如下方式在文件 <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml 中配置 HttpHeaderSecurityFilter 过滤器。
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
顺便说一句,共享URL中的错误是Registered+callback+does+not+match+with+the+provided+url,你可以检查请求URL中定义的redirect_uri是否与配置的匹配服务提供商。
我尝试按照文档中的说明配置我的 jaggery.conf 文件以允许如下框架:
"filters":[
{
"name":"HttpHeaderSecurityFilter",
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
"params" : [
{"name" : "hstsEnabled", "value" : "false"},
{ "name": "antiClickJackingOption", "value": "SAMEORIGIN" }
]
},
{
"name": "ContentTypeBasedCachePreventionFilter",
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
"params":[
{"name": "patterns", "value": "text/html\" ,application/json\" ,plain/text"},
{"name": "filterAction", "value": "enforce"},
{"name": "httpHeaders", "value": "Cache-Control: no-store, no-cache, must-revalidate, private"}
]
}
],
尽管如此,在我的客户端应用程序中,我仍然收到一条消息,指出不允许使用框架。
Load denied by X-Frame-Options: https://localhost:9444/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=Registered+callback+does+not+match+with+the+provided+url. does not permit framing.
由于此问题来自 authenticationendpoint,您必须按如下方式在文件 <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml 中配置 HttpHeaderSecurityFilter 过滤器。
<filter>
<filter-name>HttpHeaderSecurityFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
顺便说一句,共享URL中的错误是Registered+callback+does+not+match+with+the+provided+url,你可以检查请求URL中定义的redirect_uri是否与配置的匹配服务提供商。