public class ClickjackFilter extends Object implements javax.servlet.Filter
ClickjackFilter is configured as follows:

```xml
<filter>
    <filter-name>ClickjackFilterDeny</filter-name>
    <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>DENY</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>ClickjackFilterSameOrigin</filter-name>
    <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
    <init-param>
        <param-name>mode</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

<!-- use the Deny version to prevent anyone, including yourself, from framing the page -->
<filter-mapping>
    <filter-name>ClickjackFilterDeny</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- use the SameOrigin version to allow your application to frame, but nobody else
<filter-mapping>
    <filter-name>ClickjackFilterSameOrigin</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->
```

Constructor and Description |
---|
ClickjackFilter() |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
void | doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers that decide to implement it) not to display this content in a frame. |
void | init(javax.servlet.FilterConfig filterConfig) Initialize "mode" parameter from web.xml. |

public void init(javax.servlet.FilterConfig filterConfig)

Specified by: init in interface javax.servlet.Filter

Parameters:
filterConfig - A filter configuration object used by a servlet container to pass information to a filter during initialization.

public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException

Specified by: doFilter in interface javax.servlet.Filter

Parameters:
request - The request object.
response - The response object.
chain - Refers to the FilterChain object to pass control to the next Filter.

Throws:
IOException
javax.servlet.ServletException

public void destroy()

Specified by: destroy in interface javax.servlet.Filter

Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.