点击劫持漏洞修复(前端、后端)
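/**
 * Servlet filter that puts an anti-clickjacking {@code X-Frame-Options} header on every
 * response handled by this application.
 *
 * <p>{@code SAMEORIGIN} lets pages of the same origin frame the response and asks the browser to
 * refuse framing by any other origin. The header is written before the rest of the chain runs,
 * so it is already in place if a downstream component commits the response.
 *
 * <p>NOTE(review): current browsers treat the CSP {@code frame-ancestors} directive as the
 * successor of {@code X-Frame-Options}. Consider also sending
 * {@code Content-Security-Policy: frame-ancestors 'self'} and keeping this header as the
 * fallback for older clients. Whether the application already emits a CSP is not visible here.
 */
@Component
public class AddResponseHeaderFilter extends OncePerRequestFilter {

    private static final String X_FRAME_OPTIONS = "X-Frame-Options";

    /**
     * Ensures the response carries {@code X-Frame-Options}, then continues the filter chain.
     *
     * @param httpServletRequest the current request (not inspected by this filter)
     * @param httpServletResponse the response that receives the header
     * @param filterChain the remaining filters and the target servlet
     * @throws ServletException propagated from the downstream chain
     * @throws IOException propagated from the downstream chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            FilterChain filterChain) throws ServletException, IOException {
        // Alternative value: "DENY" refuses framing from every origin, including our own.
        //
        // Write the header only when nothing earlier in the chain has set it: a second
        // X-Frame-Options line with a different value is handled inconsistently across
        // browsers, and an earlier, stricter value (e.g. DENY) must not be weakened here.
        if (!httpServletResponse.containsHeader(X_FRAME_OPTIONS)) {
            httpServletResponse.setHeader(X_FRAME_OPTIONS, "SAMEORIGIN");
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}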