一、背景环境
系统部署Windows环境,使用的是Tomcat,同时启动前后端一起的。
想不到吧!Win11当服务器,部署网站
二、安全扫描
三、可行性方案
四、终极方案
response.setHeader("X-Permitted-Cross-Domain-Policies", "master-only");
response.setHeader("X-Download-Options", "noopen");
response.setHeader("Referrer-Policy", "no-referrer-when-downgrade");
response.setHeader("Strict-Transport-Security", "max-age=31536000;includeSubDomains");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "*");
response.setHeader("Access-Control-Max-Age", "1728000");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
response.addHeader("X-Frame-Options","sameorigin");
response.addHeader("Content-Security-Policy","default-src *; script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline'; font-src *; media-src *;object-src * ");
