Package org.owasp.esapi.filters
Class ClickjackFilter
- java.lang.Object
-
- org.owasp.esapi.filters.ClickjackFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class ClickjackFilter extends java.lang.Object implements javax.servlet.FilterTheClickjackFilteris discussed at
-
-
Constructor Summary
Constructors Constructor Description ClickjackFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voiddestroy()voiddoFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame.voidinit(javax.servlet.FilterConfig filterConfig)Initialize "mode" parameter from web.xml.
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig)
Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". If you leave this parameter out, the default is to use the DENY mode.- Specified by:
initin interfacejavax.servlet.Filter- Parameters:
filterConfig- A filter configuration object used by a servlet container to pass information to a filter during initialization.
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletExceptionAdd X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who decide to implement) not to display this content in a frame. For details, please refer to- Specified by:
doFilterin interfacejavax.servlet.Filter- Throws:
java.io.IOExceptionjavax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroyin interfacejavax.servlet.Filter
-
-