Posted to commits@activemq.apache.org by cs...@apache.org on 2016/01/29 22:06:57 UTC

activemq git commit: https://issues.apache.org/jira/browse/AMQ-6113

Repository: activemq
Updated Branches:
  refs/heads/master 7eb25ec50 -> 186b5d0f3


https://issues.apache.org/jira/browse/AMQ-6113

Properly set the X-FRAME-OPTIONS header on web responses.


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/186b5d0f
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/186b5d0f
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/186b5d0f

Branch: refs/heads/master
Commit: 186b5d0f305ed63b23a1db712a933aa4896006cf
Parents: 7eb25ec
Author: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Authored: Fri Jan 29 21:05:35 2016 +0000
Committer: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Committed: Fri Jan 29 21:05:35 2016 +0000

----------------------------------------------------------------------
 .../src/main/webapp/WEB-INF/web.xml             | 10 ++++
 .../src/main/webapp/WEB-INF/web.xml             |  9 ++++
 .../activemq/web/XFrameOptionsFilter.java       | 53 ++++++++++++++++++++
 3 files changed, 72 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-console/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/activemq-web-console/src/main/webapp/WEB-INF/web.xml b/activemq-web-console/src/main/webapp/WEB-INF/web.xml
index 962713e..28a873c 100755
--- a/activemq-web-console/src/main/webapp/WEB-INF/web.xml
+++ b/activemq-web-console/src/main/webapp/WEB-INF/web.xml
@@ -25,6 +25,16 @@
     Apache ActiveMQ Web Console
   </description>
   <display-name>ActiveMQ Console</display-name>
+  
+  <filter>
+    <filter-name>XFrameOptions</filter-name>
+    <filter-class>org.apache.activemq.web.XFrameOptionsFilter</filter-class>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>XFrameOptions</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
   <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
   <!--              Expose Spring POJOs to JSP                   .                                                             -->
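Review bot: The `XFrameOptions` filter-mapping has no `<dispatcher>` element, so it applies to REQUEST dispatches only; the identical mapping added to activemq-web-demo's web.xml has the same gap. The filter does add the header before the chain runs, but whether that header is still present on a container-generated error page depends on how the container resets the response, which is not visible here. If error pages are meant to be covered, make it explicit with `<dispatcher>REQUEST</dispatcher>` and `<dispatcher>ERROR</dispatcher>` inside the mapping. In that case the filter's `addHeader` call should become `setHeader`, so a second pass does not emit the header twice. The enclosing `<web-app>` element starts and ends outside the hunk.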

http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-demo/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml
index cd39366..39240d6 100755
--- a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml
+++ b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml
@@ -30,6 +30,15 @@
     </context-param>
 
 	<!-- filters -->
+    <filter>
+      <filter-name>XFrameOptions</filter-name>
+      <filter-class>org.apache.activemq.web.XFrameOptionsFilter</filter-class>
+    </filter>
+  
+    <filter-mapping>
+      <filter-name>XFrameOptions</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
 	<filter>
 		<filter-name>session</filter-name>
 		<filter-class>org.apache.activemq.web.SessionFilter</filter-class>

http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java
----------------------------------------------------------------------
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java
new file mode 100644
index 0000000..e78c79f
--- /dev/null
+++ b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Filter to set the header X-FRAME-OPTIONS on web responses
+ *
+ */
+public class XFrameOptionsFilter implements Filter {
+
+    private static String SAMEORIGIN = "SAMEORIGIN";
+
+    @Override
+    public void init(FilterConfig config) throws ServletException {
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletResponse servletResponse = (HttpServletResponse)response;
+        //Set all responses to SAMEORIGIN, can be switched to be configurable later if
+        //we need to conditionally set this
+        servletResponse.addHeader("X-FRAME-OPTIONS", SAMEORIGIN);
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+    }
+}
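Review bot: `doFilter` calls `addHeader`, which appends rather than replaces, so a response that already carries the header (set by a container-level handler, or by a second pass of this filter on a forward or error dispatch) would end up with two X-Frame-Options values, which browsers do not handle consistently; `servletResponse.setHeader("X-FRAME-OPTIONS", SAMEORIGIN);` keeps it to one. The cast on the line above is unchecked and throws ClassCastException for a non-HTTP response, so guard it with `if (response instanceof HttpServletResponse)` and still call `chain.doFilter` either way. The constant should be declared `private static final String SAMEORIGIN`. X-Frame-Options is the older anti-framing control, so sending `Content-Security-Policy: frame-ancestors 'self'` alongside it is worth considering. The class Javadoc could also state that the header exists to stop the console being framed by another origin (clickjacking).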