如何在 WSO2 5.4.1 中启用 X-Frame-Options？答案

【问题标题】：How to enable X-Frame-Options in WSO2 5.4.1?如何在 WSO2 5.4.1 中启用 X-Frame-Options？
【发布时间】：2019-01-04 15:31:57
【问题描述】：

我尝试按照文档中的说明配置我的 jaggery.conf 文件，以允许按如下方式进行构图：

"filters":[
      {
        "name":"HttpHeaderSecurityFilter",
        "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
        "params" : [
            {"name" : "hstsEnabled", "value" : "false"},
                        { "name": "antiClickJackingOption", "value": "SAMEORIGIN" }
             ]
      },
      {
        "name": "ContentTypeBasedCachePreventionFilter",
        "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
        "params":[
          {"name": "patterns", "value": "text/html\" ,application/json\" ,plain/text"},
          {"name": "filterAction", "value": "enforce"},
          {"name": "httpHeaders", "value": "Cache-Control: no-store, no-cache, must-revalidate, private"}
        ]
      }
    ],

尽管在我的客户端应用程序中，我仍然收到一条消息说不允许使用框架。

Load denied by X-Frame-Options: https://localhost:9444/authenticationendpoint/oauth2_error.do?oauthErrorCode=invalid_callback&oauthErrorMsg=Registered+callback+does+not+match+with+the+provided+url. does not permit framing.

【问题讨论】：

标签： wso2 wso2carbon x-frame-options

【解决方案1】：

由于此问题来自authenticationendpoint，因此您必须在文件<IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/WEB-INF/web.xml 中配置HttpHeaderSecurityFilter 过滤器，如下所示。

<filter>
    <filter-name>HttpHeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>

顺便说一句，共享URL中的错误是Registered+callback+does+not+match+with+the+provided+url，您可以检查请求URL中定义的redirect_uri是否与服务提供者中配置的匹配。

【讨论】：