Enable X-XSS-Protection + X-Content-Type-Options headers for the webconsole

2019-02-13 21:29:51 +00:00 · 2019-02-13 21:29:51 +00:00 · a48cc820d2
parent 1cf13c4742
commit a48cc820d2
1 changed files with 11 additions and 1 deletions
--- a/assembly/src/release/conf/jetty.xml
+++ b/assembly/src/release/conf/jetty.xml
@ -54,6 +54,16 @@
                  <property name="name" value="X-FRAME-OPTIONS"/>
                  <property name="value" value="SAMEORIGIN"/>
                </bean>
+                <bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+                  <property name="pattern" value="*"/>
+                  <property name="name" value="X-XSS-Protection"/>
+                  <property name="value" value="1; mode=block"/>
+                </bean>
+                <bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
+                  <property name="pattern" value="*"/>
+                  <property name="name" value="X-Content-Type-Options"/>
+                  <property name="value" value="nosniff"/>
+                </bean>
            </list>
        </property>
    </bean>
@ -172,4 +182,4 @@
    </bean>
    
    
-</beans>
+</beans>