Adobe 38043740 - ColdFusion Standard - Mac Manual page 82

Server lockdown guide
6.11 Adding ClickJacking Protection
ColdFusion 10 includes two new Servlet Filters, CFClickJackFilterDeny and
CFClickJackFilterSameOrigin. When a URL is mapped to one of these filters, the X-Frame-Options
HTTP header is returned with a value of DENY or SAMEORIGIN respectively. You can add a filter-mapping in
web.xml to enable these filters for a given URI; the same result could also be achieved at the web
server level.
6.12 Security Constraints in web.xml
The servlet container (Tomcat) can enforce certain security constraints to ensure that a given URI is secured,
or to limit certain URIs to HTTP POST over a secure (SSL) connection:
<security-constraint>
    <display-name>POST SSL</display-name>
    <web-resource-collection>
        <web-resource-name>POST ONLY SSL</web-resource-name>
        <url-pattern>/post/*</url-pattern>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <display-name>POST ONLY</display-name>
    <web-resource-collection>
        <web-resource-name>BLOCK NOT POST</web-resource-name>
        <url-pattern>/post/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
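As an added example (not part of the guide), the following script statically audits a web.xml for the settings described in 6.11 and 6.12: which url-patterns are covered by the ClickJacking filters, which methods are forced onto SSL by a CONFIDENTIAL transport-guarantee, and which methods an empty auth-constraint denies. The sample web.xml is constructed here; the /admin/* path in it is a hypothetical placeholder.

```python
import xml.etree.ElementTree as ET

CLICKJACK_FILTERS = {"CFClickJackFilterDeny", "CFClickJackFilterSameOrigin"}

def _name(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the JavaEE namespace a real web.xml declares

def _texts(el, tag):
    return [d.text.strip() for d in el.iter() if _name(d) == tag and d.text]

def audit_web_xml(xml_text):
    """Report clickjack-filtered patterns, SSL-only methods and denied methods per url-pattern."""
    root = ET.fromstring(xml_text)
    clickjack, ssl_only, blocked = {}, {}, {}
    for el in root.iter():
        if _name(el) == "filter-mapping":
            fname = (_texts(el, "filter-name") or [""])[0]
            if fname in CLICKJACK_FILTERS:
                for p in _texts(el, "url-pattern"):
                    clickjack[p] = fname
        elif _name(el) == "security-constraint":
            methods = set(_texts(el, "http-method"))
            confidential = "CONFIDENTIAL" in _texts(el, "transport-guarantee")
            # An <auth-constraint/> with no <role-name> denies the listed methods to everyone.
            deny_all = any(_name(c) == "auth-constraint" and not _texts(c, "role-name") for c in el)
            for p in _texts(el, "url-pattern"):
                if confidential:
                    ssl_only.setdefault(p, set()).update(methods)
                if deny_all:
                    blocked.setdefault(p, set()).update(methods)
    return {"clickjack": clickjack, "ssl_only": ssl_only, "blocked": blocked}

# Constructed sample: a filter-mapping for a hypothetical /admin/* plus the two constraints from 6.12.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter-mapping>
    <filter-name>CFClickJackFilterSameOrigin</filter-name>
    <url-pattern>/admin/*</url-pattern>
  </filter-mapping>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/post/*</url-pattern><http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/post/*</url-pattern><http-method>GET</http-method><http-method>HEAD</http-method>
      <http-method>PUT</http-method><http-method>DELETE</http-method><http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""
```

Run it against the deployed web.xml to confirm that every sensitive pattern appears under clickjack and that nothing under /post/* is reachable over plain HTTP or with a non-POST method.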