Enable X-XSS-Protection + X-Content-Type-Options headers for the webconsole

This commit is contained in:
Colm O hEigeartaigh 2019-02-13 21:29:51 +00:00
parent 1cf13c4742
commit a48cc820d2
1 changed files with 11 additions and 1 deletions

View File

@ -54,6 +54,16 @@
<property name="name" value="X-FRAME-OPTIONS"/>
<property name="value" value="SAMEORIGIN"/>
</bean>
<bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<property name="pattern" value="*"/>
<property name="name" value="X-XSS-Protection"/>
<property name="value" value="1; mode=block"/>
</bean>
<bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<property name="pattern" value="*"/>
<property name="name" value="X-Content-Type-Options"/>
<property name="value" value="nosniff"/>
</bean>
</list>
</property>
</bean>