缺少“X-XSS-Protection”头 问题
AppScan检测问题:
缺少“Content-Security-Policy”头 5
缺少“X-Content-Type-Options”头 5
缺少“X-XSS-Protection”头 5
一、修改:tomcat web.xml ,加了如下filter,
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>*.jsp</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping >
二、启动后,报如下问题,不加这个filter就没有问题,用的是(springMVC ,hibernate)
spring的core jar包,lib目录下是有的。
九月 13, 2018 9:10:57 上午 org.apache.catalina.startup.Catalina start
信息: Server startup in 13413 ms
九月 13, 2018 9:10:59 上午 org.apache.catalina.loader.WebappClassLoader loadClass
信息: Illegal access: this web application instance has been stopped already. Could not load org.springframework.core.NestedExceptionUtils. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1612)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
at org.springframework.core.NestedRuntimeException.<clinit>(NestedRuntimeException.java:45)
at org.springframework.scheduling.quartz.SchedulerFactoryBean$1.run(SchedulerFactoryBean.java:672)
Exception in thread "Quartz Scheduler [localQuartzScheduler]" java.lang.NoClassDefFoundError: org/springframework/core/NestedExceptionUtils
at org.springframework.core.NestedRuntimeException.<clinit>(NestedRuntimeException.java:45)
at org.springframework.scheduling.quartz.SchedulerFactoryBean$1.run(SchedulerFactoryBean.java:672)
Caused by: java.lang.ClassNotFoundException: org.springframework.core.NestedExceptionUtils
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
... 2 more