
ClickJacking Filter to add X-FRAME-OPTIONS in response

In order to tackle clickjacking and block my site from being opened in an iframe, I have created a servlet filter in which I add the line below to set the "X-FRAME-OPTIONS" response header. But when I run the page and look at its response headers, I never see this header there. Any idea why?

    public void doFilter(
            ServletRequest request, ServletResponse response, FilterChain chain
            ) throws IOException, ServletException
    {
        HttpServletResponse res = (HttpServletResponse)response;
        chain.doFilter(request, response);

        //Specify the mode
        res.addHeader("X-FRAME-OPTIONS", "DENY");
    }

Dev G asked Jul 07 '12 02:07


1 Answer

You need to add the header before calling doFilter. By the time control returns from doFilter the headers and body have already been sent, so your addHeader is ignored.

Devon_C_Miller answered Oct 30 '22 14:10