diff options
Diffstat (limited to 'jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java')
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java new file mode 100644 index 00000000000..f50e7454f19 --- /dev/null +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java @@ -0,0 +1,21 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.jdisc.http.filter.security.misc; + +import com.yahoo.jdisc.http.filter.DiscFilterResponse; +import com.yahoo.jdisc.http.filter.RequestView; +import com.yahoo.jdisc.http.filter.SecurityResponseFilter; + +/** + * Adds recommended security response headers intended for hardening Rest APIs over https. + * + * @author bjorncs + */ +public class SecurityHeadersResponseFilter implements SecurityResponseFilter { + + @Override + public void filter(DiscFilterResponse response, RequestView request) { + response.setHeader("Cache-control", "no-store"); + response.setHeader("Pragma", "no-cache"); + response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + } +} |