[SYNCOPE-1513] Allow to customize security headers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.1.6, 3.0.0-M0
Component/s: console
Labels:
None

Description

At the moment the following security headers are statically set by SyncopeConsoleApplication:

                    response.setHeader("X-XSS-Protection", "1; mode=block");
                    response.setHeader("X-Content-Type-Options", "nosniff");
                    response.setHeader("X-Frame-Options", "sameorigin");

Improve this by changing the code above to read security headers from console.properties.

Attachments

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Francesco Chicchiriccò

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Nov/19 09:41

Updated:: 29/Apr/20 07:37

Resolved:: 20/Nov/19 15:27