SORMAS-Foundation#2991 - add security headers to vaadin response headers

barnabartha · barnabartha · commit 66e1d951ea3d · 2020-10-09T08:41:39.000+03:00
diff --git a/sormas-api/src/main/java/de/symeda/sormas/api/ResourceBundle.java b/sormas-api/src/main/java/de/symeda/sormas/api/ResourceBundle.java
@@ -1,7 +1,5 @@
 package de.symeda.sormas.api;
 
-import org.apache.commons.text.StringEscapeUtils;
-
 public class ResourceBundle {
 
 	private java.util.ResourceBundle resourceBundle;
diff --git a/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java b/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java
@@ -69,6 +69,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
 		final HttpServletResponse res = (HttpServletResponse)response;
 		res.addHeader("X-Content-Type-Options", "nosniff" );
+		res.addHeader("X-Frame-Options", "SAMEORIGIN" );
 		res.addHeader("Referrer-Policy", "same-origin" );
 
 		try {
