author | Morten Tokle <mortent@yahooinc.com> | 2022-10-25 13:09:09 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2022-10-25 13:09:09 +0200 |
commit | 98a0d7cff2e297e7e6fb04ba9b9b5ba8cc0526a3 (patch) | |
tree | 4f964fd99a707ff0243a4ef2f815bed8cca08252 /jdisc-security-filters/src | |
parent | 70026cc89de5a1586f7b70e261d0f09c437a2263 (diff) |
Prevent browser API caching
Diffstat (limited to 'jdisc-security-filters/src')
2 files changed, 1 insertions, 2 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
index fd9c558f97b..e261f420e1c 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cors/CorsLogic.java
@@ -22,7 +22,7 @@ class CorsLogic {
 "Okta-Access-Token,Okta-Refresh-Token,Vespa-Csrf-Token",
 "Access-Control-Allow-Methods", "OPTIONS,GET,PUT,DELETE,POST,PATCH",
 "Access-Control-Allow-Credentials", "true",
- "Vary", "Origin"
+ "Vary", "*"
 );
 
 static Map<String, String> createCorsResponseHeaders(String requestOriginHeader,
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 0059fcf1d25..520e22de136 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -20,6 +20,5 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("X-Frame-Options", "DENY");
 response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
- response.setHeader("Vary", "*");
 }
 } |
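Review bot: The `"Vary", "*"` entry added to the header map in CorsLogic carries no comment explaining why it departs from the `Vary: Origin` that normally accompanies a per-origin `Access-Control-Allow-Origin` (presumably what createCorsResponseHeaders derives from requestOriginHeader), so a later cleanup could narrow it back and allow a credentialed response cached for one origin to be reused for another; I would add `// "*" is deliberate: a stored response must never be reused, whatever the Origin or credentials`. If the aim in the commit title is that browsers do not keep API responses at all, `Vary: *` states that only indirectly, and an explicit `Cache-Control: no-store` would say it directly; it is worth confirming whether one is set elsewhere. The second hunk also removes `Vary: *` from SecurityHeadersResponseFilter, so any response that passes that filter without receiving the CORS headers now carries no `Vary` at all; whether such a filter chain exists is not visible here. The map's declaration starts above the hunk.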