vue.js - 如何在运行在 tomcat 上的 Vue App 中添加安全标头
问题描述
我有一个部署在运行 tomcat 9 的服务器上的 vue 应用程序。如何将 Feature-Policy 和 Expect-CT 标头添加到所有页面?
解决方案
将标头添加到响应的过滤器类
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
public class MyCustomHeadersFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResp = (HttpServletResponse) response;
HeaderResponseWrapper headerResponseWrapper = new HeaderResponseWrapper(httpResp);
headerResponseWrapper.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
headerResponseWrapper.setHeader("Pragma", "no-cache"); // HTTP 1.0.
headerResponseWrapper.setHeader("Expires", "0"); // Proxies.
chain.doFilter(request, headerResponseWrapper);
}
@Override
public void destroy() {
}
}
HeaderResponseWrapper 类
import java.io.*;
import javax.servlet.http.*;
public class HeaderResponseWrapper extends HttpServletResponseWrapper {
private CharArrayWriter writer;
public HeaderResponseWrapper(HttpServletResponse response) {
super(response);
writer = new CharArrayWriter();
}
public PrintWriter getWriter() {
return new PrintWriter(writer);
}
public String toString() {
return writer.toString();
}
}
现在在 tomcat 的 web.xml 中添加这个类作为过滤器并将其映射到相关的 URL
<filter>
<filter-name>MyCustomHeadersFilter</filter-name>
<filter-class>com.headers.config.MyCustomHeadersFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MyCustomHeadersFilter</filter-name>
<url-pattern>*.html</url-pattern>
</filter-mapping>