SORMAS-Foundation#2991 - add security headers to vaadin response headers

barnabartha · barnabartha · commit 888dc21ba254 · 2020-10-09T08:34:26.000+03:00
diff --git a/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java b/sormas-ui/src/main/java/de/symeda/sormas/ui/SessionFilter.java
@@ -28,6 +28,7 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import de.symeda.sormas.api.FacadeProvider;
@@ -66,6 +67,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 		I18nProperties.setUserLanguage(userLanguage);
 		BaseControllerProvider.requestStart(controllerProvider);
 
+		final HttpServletResponse res = (HttpServletResponse)response;
+		res.addHeader("X-Content-Type-Options", "nosniff" );
+		res.addHeader("Referrer-Policy", "same-origin" );
+
 		try {
 			sessionFilterBean.doFilter(chain, request, response);
 		} finally {
