Posted to commits@karaf.apache.org by jb...@apache.org on 2019/02/15 17:06:51 UTC
[karaf] branch karaf-4.2.x updated: Set some standard security
headers for the webconsole
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
new 0a480c2 Set some standard security headers for the webconsole
0a480c2 is described below
commit 0a480c2cba9b283b3ec5fa817b904acfa8c531dd
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Feb 15 14:11:27 2019 +0000
Set some standard security headers for the webconsole
---
.../apache/felix/webconsole/internal/servlet/KarafOsgiManager.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/KarafOsgiManager.java b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/KarafOsgiManager.java
index 8d13f89..880b478 100644
--- a/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/KarafOsgiManager.java
+++ b/webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/KarafOsgiManager.java
@@ -72,6 +72,10 @@ public class KarafOsgiManager extends OsgiManager {
}
protected void doService(final HttpServletRequest req, final HttpServletResponse res) throws ServletException, IOException {
+ // Add some standard security HTTP headers
+ res.setHeader("X-FRAME-OPTIONS", "SAMEORIGIN");
+ res.setHeader("X-XSS-Protection", "1; mode=block");
+ res.setHeader("X-Content-Type-Options", "nosniff");
super.service(req, res);
}
}
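Review bot: The framing restriction added at the top of `doService` rests only on the legacy `X-FRAME-OPTIONS` header, and no Content-Security-Policy is sent; adding `res.setHeader("Content-Security-Policy", "frame-ancestors 'self'");` next to it would give the same same-origin framing rule in the form current browsers prefer. `X-XSS-Protection: 1; mode=block` only affected the browser-side XSS auditor, which current browsers no longer ship, so it should not be counted as an XSS control for the console; output encoding in the plugins remains the real defence. The headers are set only on requests that reach `doService`, so any response the parent servlet or the security handler writes before this point (for example an authentication failure) presumably goes out without them; that path is outside the hunk and worth confirming. As a style point, the first header name is upper-cased while the other two are mixed case; `X-Frame-Options` would match them, and a short comment such as `// set before delegating so plugins may still override per response` would document why the calls precede `super.service`.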