added X-XSS-Protection header

This commit is contained in:
jomu
2016-09-22 08:09:16 +00:00
parent 2ead80fee8
commit 2471221bda


@ -47,6 +47,9 @@ public class OwaspStandardFilter implements Filter {
// X-FRAME-OPTIONS: Clickjacking protection: "deny" - no rendering within a frame, "sameorigin" - no rendering if origin mismatch // X-FRAME-OPTIONS: Clickjacking protection: "deny" - no rendering within a frame, "sameorigin" - no rendering if origin mismatch
res.addHeader("X-FRAME-OPTIONS", mode); res.addHeader("X-FRAME-OPTIONS", mode);
// Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to '1'.
res.addHeader("X-XSS-Protection", "1");
// X-Content-Type-Options the only defined value, "nosniff", // X-Content-Type-Options the only defined value, "nosniff",
// The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. // The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
// This also applies to Google Chrome, when downloading extensions. // This also applies to Google Chrome, when downloading extensions.
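Review bot: The new `res.addHeader("X-XSS-Protection", "1")` line only enables the browser filter in its default (sanitising) mode; consider `"1; mode=block"`, which was the value OWASP recommended at the time, so the browser blocks the page outright rather than rewriting it, and note that this header is a legacy hint that modern browsers have since dropped in favour of Content-Security-Policy, so it should not be relied on as the primary XSS control. Two smaller points: the value is hardcoded, whereas the adjacent `X-FRAME-OPTIONS` header takes its value from the configurable `mode`, so for consistency this could also be made configurable (including a way to set `"0"` or omit it); and `addHeader` appends rather than replaces, so if the filter chain runs more than once for a request the response will carry duplicate `X-XSS-Protection` headers, which `setHeader` would avoid.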