我试图禁止在tomcat 9.x网络服务器上向其他网站发送引用者信息。我搜索了tomcat文档,但没有找到关于这个特定的referrer-policy的内容。
设置特殊(安全)响应标头是Web应用程序任务。您可以创建一个servlet Filter,根据需要添加标题:
public class MyFilter implements Filter
{
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
{
chain.doFilter(request, response);
HttpServletResponse httpServletResponse = ((HttpServletResponse) response);
httpServletResponse.addHeader("Referrer-Policy", "no-referrer");
}
// ...
}
或者,如果您使用Spring Security
,您可以使用their header configuration feature:
Spring Security
文档中的XML配置示例:
<http> <!-- ... --> <headers> <referrer-policy policy="same-origin" /> </headers> </http>
来自Spring Security
docs的示例Java配置:
@EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http // ... .headers() .referrerPolicy(ReferrerPolicy.SAME_ORIGIN); } }