The "X-Content-Type-Options" header is missing or insecure
1. Java
response.addHeader("x-content-type-options","nosniff");
Location: src/main/java/com/ruoyi/framework/interceptor/RepeatSubmitInterceptor.java
2. Nginx web server
Add the parameter to nginx.conf, inside the server block:
server {
    listen 443 ssl;  # the ssl parameter enables TLS on this port
    server_name ds.v.com;  # driving safety
    location / {
        client_body_timeout 7200;
        proxy_read_timeout 7200;
        proxy_send_timeout 7200;
        proxy_pass http://127.0.0.1:9005/;
        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
        # tell browsers not to MIME-sniff responses
        add_header X-Content-Type-Options nosniff;
    }
    ssl_certificate "/etc/nginx/ssl/ds/ds.v.com.pem";
    ssl_certificate_key "/etc/nginx/ssl/ds/ds.v.com.key";
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_protocols TLSv1.3;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
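To confirm the fix after deploying either change, the check below classifies the header in captured response headers as ok, missing or insecure, using the Fetch standard's rule that only the first value counts. It is an added example, not code from the original post; the function names and the sample responses are constructed for illustration.

```python
# Added example: classify X-Content-Type-Options in raw HTTP response headers.
# All sample responses below are constructed for illustration.

def nosniff_status(raw_headers: str) -> str:
    """Return 'ok', 'missing' or 'insecure' for one response's header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-content-type-options":
            # A repeated header is equivalent to one comma-separated list.
            values.extend(v.strip() for v in value.split(","))
    if not values:
        return "missing"
    # Fetch-standard rule: only the first value counts, compared
    # ASCII case-insensitively against "nosniff".
    return "ok" if values[0].lower() == "nosniff" else "insecure"


def audit(responses: dict) -> dict:
    """Map each labelled response to its header status."""
    return {label: nosniff_status(raw) for label, raw in responses.items()}


SAMPLES = {
    # Normal page served with the header in place.
    "200 page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "X-Content-Type-Options: nosniff\r\n",
    # Error response that did not receive the header.
    "404 error page": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n",
    # Misspelled value: present, but browsers ignore it.
    "typo value": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: no-sniff\r\n",
    # Header added by both the Java application and the nginx proxy.
    "set by app and proxy": "HTTP/1.1 200 OK\r\n"
                            "x-content-type-options: nosniff\r\n"
                            "X-Content-Type-Options: nosniff\r\n",
}

if __name__ == "__main__":
    for label, status in audit(SAMPLES).items():
        print(f"{label:22} {status}")
```

nginx's add_header applies only to a fixed set of success and redirect status codes unless the always parameter is given, which is one way an error response ends up "missing".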