This repository was archived by the owner on May 5, 2021. It is now read-only.

Commit 4ce51e0

author
Martin Wahnschaffe
authored
Merge pull request SORMAS-Foundation#3118 from hzi-braunschweig/feature-2991-SecurityHeaders
Feature 2991 security headers
2 parents 80b58c8 + b8a0afe commit 4ce51e0

2 files changed

Lines changed: 6 additions & 2 deletions


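--- a/sormas-api/src/main/java/de/symeda/sormas/api/ResourceBundle.java
+++ b/sormas-api/src/main/java/de/symeda/sormas/api/ResourceBundle.java
@@ -1,7 +1,5 @@
 package de.symeda.sormas.api;
 
-import org.apache.commons.text.StringEscapeUtils;
-
 public class ResourceBundle {
 
 private java.util.ResourceBundle resourceBundle;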

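--- a/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java
+++ b/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java
@@ -28,6 +28,7 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import de.symeda.sormas.api.FacadeProvider;
@@ -66,6 +67,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 I18nProperties.setUserLanguage(userLanguage);
 BaseControllerProvider.requestStart(controllerProvider);
 
+final HttpServletResponse res = (HttpServletResponse)response;
+res.addHeader("X-Content-Type-Options", "nosniff" );
+res.addHeader("X-Frame-Options", "SAMEORIGIN" );
+res.addHeader("Referrer-Policy", "same-origin" );
+
 try {
 sessionFilterBean.doFilter(chain, request, response);
 } finally {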
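Review bot: The three headers at new lines 71-73 are written with `addHeader`, which appends rather than replaces, so if the container or another filter already sets one of them the response carries duplicate values, and handling of conflicting `X-Frame-Options` duplicates has varied across browsers. `res.setHeader("X-Frame-Options", "SAMEORIGIN");` (and likewise for the other two) keeps a single authoritative value. The headers are also only emitted for requests that reach this point in `doFilter`, whose start and end lie outside the hunk, so an early return above it or a path not mapped to this filter would presumably go out without them; this is worth confirming against the `@WebFilter` mapping. A short comment such as `// Baseline hardening headers: no MIME sniffing, no cross-origin framing, no cross-origin referrer` would document the intent, and `Content-Security-Policy: frame-ancestors 'self'` is the current counterpart to `X-Frame-Options` if it should be added alongside.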
