A friend of mine is responsible for an Apple device management system built on Jamf. There is an on-premises version called Jamf Pro, which is a Java + Tomcat + MySQL system. A customer wanted HSTS support added. The default login page of the system looks like this:
All the instructions found online for adding HSTS come down to adding a block to Tomcat's web.xml, located at C:\Program Files\JSS\Tomcat\conf\web.xml. Searching that file by keyword turns up roughly the following:
```xml
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<!-- The mapping for the HTTP header security Filter -->
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```
After adding this block to web.xml and restarting the service, the system reports HSTS as configured:
But the Jamf Pro UI then misbehaves: the left side renders normally while the right side keeps spinning, so some content is evidently failing to load.
The right-hand side is a frame. The configuration above does not allow pages to be embedded in frames (the filter's anti-clickjacking option defaults to DENY, which sends X-Frame-Options: DENY), so the fix is to set the iframe embedding option. The block becomes:
```xml
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<!-- The mapping for the HTTP header security Filter -->
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```
After restarting the Tomcat service, the page loads normally.
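To see why the first configuration broke the frame and the second did not, it helps to work out the headers the filter will actually emit before restarting Tomcat, and then to confirm them on the live server afterwards. The script below is an added example, not code from the post or from Jamf: it reads the init-params of a `<filter>` block (constructed copies of the two blocks above), fills in the documented defaults of Tomcat's HttpHeaderSecurityFilter for the HSTS and anti-clickjacking parameters (the filter's other parameters are not modelled), predicts the `Strict-Transport-Security` and `X-Frame-Options` headers, and checks a captured response head such as the output of `curl -sI https://<jamf-host>/`. It assumes the filter's semicolon-separated HSTS format and the rule that HSTS is only sent on HTTPS requests.

```python
"""Predict what Tomcat's HttpHeaderSecurityFilter will send for a <filter>
block from web.xml, and check whether a same-origin <iframe> (like the
right-hand frame of the Jamf Pro UI) would still render.

Added example, not code from the original post or from Jamf. Defaults follow
the Tomcat documentation for the parameters listed in DEFAULTS only.
"""
import xml.etree.ElementTree as ET

# Documented defaults of org.apache.catalina.filters.HttpHeaderSecurityFilter
DEFAULTS = {
    "hstsEnabled": "true",
    "hstsMaxAgeSeconds": "0",
    "hstsIncludeSubDomains": "false",
    "hstsPreload": "false",
    "antiClickJackingEnabled": "true",
    "antiClickJackingOption": "DENY",   # this default is what blocked the frame
    "antiClickJackingUri": "",
}

# Constructed copy of the first <filter> block from the post (mapping omitted).
FIRST_CONFIG = """<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
  <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>
  <init-param><param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value></init-param>
</filter>"""

# The second block from the post: same, plus antiClickJackingOption=SAMEORIGIN.
SECOND_CONFIG = FIRST_CONFIG.replace(
    "</filter>",
    "  <init-param><param-name>antiClickJackingOption</param-name>"
    "<param-value>SAMEORIGIN</param-value></init-param>\n</filter>",
)


def parse_init_params(filter_xml: str) -> dict:
    """Read <init-param> entries from a <filter> element, falling back to defaults."""
    params = dict(DEFAULTS)
    for node in ET.fromstring(filter_xml).iter("init-param"):
        name = (node.findtext("param-name") or "").strip()
        if name in params:
            params[name] = (node.findtext("param-value") or "").strip()
    return params


def _enabled(value: str) -> bool:
    return value.lower() == "true"


def predicted_headers(params: dict, secure_request: bool = True) -> dict:
    """Headers the filter adds; HSTS is only added on HTTPS (secure) requests."""
    headers = {}
    if _enabled(params["hstsEnabled"]) and secure_request:
        hsts = f"max-age={int(params['hstsMaxAgeSeconds'])}"
        if _enabled(params["hstsIncludeSubDomains"]):
            hsts += ";includeSubDomains"
        if _enabled(params["hstsPreload"]):
            hsts += ";preload"
        headers["Strict-Transport-Security"] = hsts
    if _enabled(params["antiClickJackingEnabled"]):
        option = params["antiClickJackingOption"].upper()
        if option == "ALLOW-FROM":
            option = f"ALLOW-FROM {params['antiClickJackingUri']}"
        headers["X-Frame-Options"] = option
    return headers


def same_origin_frame_allowed(headers: dict) -> bool:
    """Would a browser render a same-origin <iframe> under this X-Frame-Options?
    DENY blocks even same-origin frames; SAMEORIGIN or no header allows them.
    Unrecognised values (including ALLOW-FROM in current browsers) are ignored."""
    return headers.get("X-Frame-Options", "").strip().upper() != "DENY"


def check_response_head(raw: str) -> dict:
    """Parse a captured response head (e.g. output of `curl -sI https://host/`)
    and report the two things worth confirming after the Tomcat restart."""
    headers = {}
    for line in raw.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().title()] = value.strip()
    hsts = headers.get("Strict-Transport-Security")
    max_age = None
    if hsts:
        for directive in hsts.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age" and val.isdigit():
                max_age = int(val)
    return {
        "hsts_present": hsts is not None,
        "hsts_max_age": max_age,
        "same_origin_frames": same_origin_frame_allowed(headers),
    }


if __name__ == "__main__":
    for label, cfg in (("first", FIRST_CONFIG), ("second", SECOND_CONFIG)):
        hdrs = predicted_headers(parse_init_params(cfg))
        print(label, hdrs, "same-origin frame ok:", same_origin_frame_allowed(hdrs))
```

Running the script shows the first block yielding `X-Frame-Options: DENY` alongside the HSTS header, which is exactly what stops the UI's own frame from loading, while the second yields `SAMEORIGIN`. Note that `predicted_headers(..., secure_request=False)` returns no HSTS header at all: if the check is run over plain HTTP, or Tomcat sits behind a TLS-terminating proxy without the connector being marked secure, the header will be missing even though the filter is configured.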