加入安全头

43d217c9 · fukai · bb18eaaf · 43d217c9
Commit 43d217c9 authored Jan 27, 2021 by fukai
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 0 deletions

SecurityInterceptor.java ...org/sss/presentation/noui/filter/SecurityInterceptor.java +23 -0

No files found.
--- a/src/main/java/org/sss/presentation/noui/filter/SecurityInterceptor.java
+++ b/src/main/java/org/sss/presentation/noui/filter/SecurityInterceptor.java
+package org.sss.presentation.noui.filter;
+
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 设置安全头，将service层面都添加
+ */
+public class SecurityInterceptor extends HandlerInterceptorAdapter {
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+			throws Exception {
+		response.setHeader("X-Content-Type-Options", "nosniff");
+        response.setHeader("X-XSS-Protection", "1");
+        response.setHeader("Content-Security-Policy", "default-src 'self'");
+
+        return true;
+	}
+
+}