author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-05 16:17:47 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-05 16:17:47 +0200 |
commit | 3c081446258ad2bdec67534e45dbd533798e1e74 (patch) | |
tree | 992241a218bbb78d1847b5603217486afd35433f /jdisc-security-filters/src/main/java/com/yahoo | |
parent | 93736dace106d7a0ae4ee2508393a16cdc7c2f5c (diff) |
Add jdisc filter that adds recommended security-related response headers
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo')
2 files changed, 29 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
new file mode 100644
index 00000000000..f50e7454f19
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -0,0 +1,21 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.filter.security.misc;
+
+import com.yahoo.jdisc.http.filter.DiscFilterResponse;
+import com.yahoo.jdisc.http.filter.RequestView;
+import com.yahoo.jdisc.http.filter.SecurityResponseFilter;
+
+/**
+ * Adds recommended security response headers intended for hardening Rest APIs over https.
+ *
+ * @author bjorncs
+ */
+public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
+
+ @Override
+ public void filter(DiscFilterResponse response, RequestView request) {
+ response.setHeader("Cache-control", "no-store");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+ }
+}
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/package-info.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/package-info.java
new file mode 100644
index 00000000000..b646e9e135e
--- /dev/null
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/package-info.java
@@ -0,0 +1,8 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author bjorncs
+ */
+@ExportPackage
+package com.yahoo.jdisc.http.filter.security.misc;
+
+import com.yahoo.osgi.annotation.ExportPackage;
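Review bot: In `SecurityHeadersResponseFilter.filter()` the header set stops short of what is usually recommended for REST APIs: there is no `X-Content-Type-Options: nosniff`, so a browser may still MIME-sniff a response body, and nothing forbids framing of the response. Consider adding `response.setHeader("X-Content-Type-Options", "nosniff");` and `response.setHeader("X-Frame-Options", "DENY");` next to the existing calls. The three `setHeader` calls presumably replace any value a handler set deliberately (for example a cacheable resource), and `includeSubDomains` with a one-year `max-age` commits every subdomain of the serving host to HTTPS, so the class Javadoc should state both so that operators enable the filter knowingly. `Cache-control` works because header names are case-insensitive, but `Cache-Control` is the canonical spelling and easier to grep for.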
\ No newline at end of file |