use in filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse res = (HttpServletResponse)response; chain.doFilter(request, response); System.out.println("limit mode============"+mode); res.addHeader("X-FRAME-OPTIONS",mode ); }
The value of mode is:
DENY: The browser refuses the current page to load any frame page
SAMEORIGIN: The address of the frame page can only be the page under the same origin domain name
ALLOW-FROM: The origin is the page address that allows frame loading
In general use SAMEORIGIN