解决方案：设置X-Frame-Options参数即可
具体操作步骤如下：
在上面filter基础上添加即可解决

httpResp.addHeader("x-frame-options","DENY");

附上源码：

package com.sinosoft.fis.util;import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;/*** 功能描述:* <p>*   1.Cookie 设置 httpOnly属性 Cookie *   2.设置 httpOnly属性防止js读取cookie* </p>** @author gblfy*/
public class CookieHttpOnlyFilter implements Filter {public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {if (!(request instanceof HttpServletRequest)) {chain.doFilter(request, response);return;}HttpServletRequest httpReq = (HttpServletRequest) request;HttpServletResponse httpResp = (HttpServletResponse) response;Cookie[] cookies = httpReq.getCookies();if (cookies != null) {Cookie cookie = cookies[0];if (cookie != null) {HttpSession session = httpReq.getSession();if (session != null) {String sessionId = session.getId();// http设置httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId + "; Path=/fis; HttpOnly");httpResp.addHeader("x-frame-options","DENY");
//					httpResp.addHeader("x-frame-options","SAMEORIGIN");// https设置
//	                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId
//	                            + "; Path=/admin;Secure; HttpOnly");}}}chain.doFilter(httpReq, httpResp);}public void destroy() {}public void init(FilterConfig filterConfig) throws ServletException {}}

谷歌测试效果图：

漏洞参考连接：
https://www.cnblogs.com/wdnnccey/p/6476518.html