HTTP Security: Difference between revisions
Jump to navigation
Jump to search
| Line 26: | Line 26: | ||
* [https://content-security-policy.com/ Content Security Policy Reference] | * [https://content-security-policy.com/ Content Security Policy Reference] | ||
* [https://www.validbot.com/header/Permissions-Policy.html Permissions-Policy] | * [https://www.validbot.com/header/Permissions-Policy.html Permissions-Policy] | ||
| valign="top" | | |||
| valign="top" | | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
* [https://securityheaders.com/?q=https%3A%2F%2Fcdn.chorke.org%2Fwiki&followRedirects=on Scan » cdn.chorke.org/wiki] | |||
* [https://securityheaders.com/?q=https%3A%2F%2Fshahed.biz&followRedirects=on Scan » shahed.biz] | |||
| valign="top" | | | valign="top" | | ||
Revision as of 21:10, 5 February 2024
@Component
@WebFilter(urlPatterns = {"/*"})
public class ResponseHeaderWebFilter implements Filter {
@Override
public void doFilter(
ServletRequest request,
ServletResponse response, FilterChain chain
) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;");
httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains ; preload");
httpServletResponse.setHeader("Permissions-Policy", "geolocation 'self'; payment 'none'");
httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
httpServletResponse.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
httpServletResponse.setHeader("X-Frame-Options", "DENY");
chain.doFilter(request, response);
}
}
References
|
| ||
|
| ||