dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16352: Spring security, setting X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection...

 

------------------------------------------------------------
revno: 16352
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-08-08 15:04:42 +0200
message:
  Spring security, setting X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-XSS-Protection: 1; mode=block headers to prevent XSS attacks.
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2014-07-09 09:26:23 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2014-08-08 13:04:42 +0000
@@ -39,6 +39,12 @@
       login-page="/dhis-web-commons/security/login.action"
       authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
 
+    <sec:headers>
+      <sec:content-type-options />
+      <sec:frame-options />
+      <sec:xss-protection />
+    </sec:headers>
+    
     <sec:http-basic />
     <sec:logout logout-url="/dhis-web-commons-security/logout.action" />
     <sec:intercept-url pattern="/dhis-web-commons/i18nJavaScript.action" access="permitAll()" />
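
Review bot: The `<sec:frame-options />` element in the added `<sec:headers>` block leaves its policy implicit, while the commit message states the intended value as DENY. Writing it as `<sec:frame-options policy="DENY" />` makes the configuration self-documenting rather than dependent on the namespace default. If any page behind this security configuration is meant to be framed by the application itself, `policy="SAMEORIGIN"` would be the value to use instead. Because the child elements are listed individually, only these three headers are configured by this block; a short XML comment stating that this is deliberate would help the next reader. The added blank line after `</sec:headers>` also carries trailing whitespace.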