SEC-2230: Polish headers reference
parent
bc8ff9590c
commit
988e97e366
|
@ -614,24 +614,36 @@ List<OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
|
||||||
<para>A lot of different attacks to hijack content, sessions or connections are available and lately
|
<para>A lot of different attacks to hijack content, sessions or connections are available and lately
|
||||||
browsers (optionally) can help to prevent those attacks. To enable these features we need to send some
|
browsers (optionally) can help to prevent those attacks. To enable these features we need to send some
|
||||||
additional headers to the client. Spring Security allows for easy configuration for several headers.
|
additional headers to the client. Spring Security allows for easy configuration for several headers.
|
||||||
|
<progamlisting language="xml">
|
||||||
|
<![CDATA[
|
||||||
|
<headers/>
|
||||||
|
]]>
|
||||||
|
</progamlisting>
|
||||||
|
</para>
|
||||||
|
<para>Specifying the single headers element adds all the explicitly supported headers
|
||||||
|
with their default settings. If you only want select headers to be added,
|
||||||
|
you can add one or more of the child elements as shown below.
|
||||||
<progamlisting language="xml">
|
<progamlisting language="xml">
|
||||||
<![CDATA[
|
<![CDATA[
|
||||||
<headers>
|
<headers>
|
||||||
<!-- Add Cache-Control and Pragma headers -->
|
<!-- Add Cache-Control and Pragma headers -->
|
||||||
<cache-control/>
|
<cache-control/>
|
||||||
<!-- Adds X-XSS-Protection with value of 1 -->
|
|
||||||
<xss-protection/>
|
|
||||||
<!-- Add X-Frame-Options with a value of DENY -->
|
|
||||||
<frame-options/>
|
|
||||||
<!-- Add X-Content-Type-Options with value of nosniff -->
|
<!-- Add X-Content-Type-Options with value of nosniff -->
|
||||||
<content-type-options/>
|
<content-type-options/>
|
||||||
<!-- Add custom headers -->
|
<!-- Add custom headers -->
|
||||||
<header name="foo" value="bar"/>
|
<header name="foo" value="bar"/>
|
||||||
|
<-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->
|
||||||
|
<hsts/>
|
||||||
|
<!-- Add X-Frame-Options with a value of DENY -->
|
||||||
|
<frame-options/>
|
||||||
|
<!-- Adds X-XSS-Protection with value of 1; mode=block-->
|
||||||
|
<xss-protection/>
|
||||||
</headers>
|
</headers>
|
||||||
]]>
|
]]>
|
||||||
</progamlisting>
|
</progamlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>For additional information refer to <link xlink:href="nsa-headers">headers</link> section of the Security Namespace appendix.</para>
|
<para>For additional information on how to customize the headers element refer to the <link xlink:href="nsa-headers">headers</link>
|
||||||
|
section of the Security Namespace appendix.</para>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="ns-custom-filters">
|
<section xml:id="ns-custom-filters">
|
||||||
<title>Adding in Your Own Filters</title>
|
<title>Adding in Your Own Filters</title>
|
||||||
|
|
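Review bot: The HSTS comment in the added sample opens with `<--` instead of `<!--` (`<-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->`), so anyone who pastes the listing into a security namespace configuration gets XML that does not parse. Because the sample sits inside CDATA, the DocBook build will not flag it; change the opener to `<!--`. The new `<headers/>` listing also copies the misspelled `progamlisting` element from the existing block, while the hunk header line shows the same file closing a correctly spelled `</programlisting>`; the DocBook element is `programlisting`, so the new and the existing open and close tags should be corrected together in this polish commit. Minor: the sample comments mix "Add" and "Adds", and `mode=block-->` is missing the space before the comment close.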