Filtro para definir Header CSP
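/**
 * Servlet filter that adds a fixed {@code Content-Security-Policy} header to every HTTP
 * response passing through it.
 *
 * <p>The annotation maps the filter to {@code /*}, so it runs for all request paths.
 */
@WebFilter("/*")
public class CSPFilter implements Filter {

    /**
     * Policy value sent with each response.
     *
     * <p>{@code default-src 'none'} makes the policy deny-by-default: any fetch directive not
     * listed here (for example {@code connect-src}, {@code frame-src}, {@code worker-src})
     * falls back to it and is blocked.
     *
     * <p>Review points for anyone reusing this policy:
     * <ul>
     *   <li>{@code frame-ancestors} does not fall back to {@code default-src}, so this policy
     *       places no restriction on which sites may frame the pages. Add
     *       {@code frame-ancestors} if clickjacking protection is expected from the CSP.</li>
     *   <li>{@code style-src 'unsafe-inline'} allows inline styles; moving styles to files
     *       served from {@code 'self'} lets that keyword be dropped.</li>
     *   <li>No reporting directive is set, so policy violations are not reported anywhere.</li>
     * </ul>
     */
    private static final String POLICY = "default-src 'none';"
            + "base-uri 'self';"
            + "font-src 'self';"
            + "form-action 'self';"
            + "img-src 'self';"
            + "media-src 'none';"
            + "object-src 'none';"
            + "script-src 'self';"
            + "style-src 'self' 'unsafe-inline'";

    /** Nothing to release: the filter holds no resources. */
    @Override
    public void destroy() {
    }

    /**
     * Adds the CSP header and hands the request on to the rest of the chain.
     *
     * @param request the incoming request, passed through untouched
     * @param response the response that receives the header when it is an HTTP response
     * @param chain the remaining filters and the target resource
     * @throws IOException if a later element of the chain fails with an I/O error
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Guard the cast: a non-HTTP response has no headers to set, and an unchecked cast
        // would abort the whole request with a ClassCastException.
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            // The header is added before the chain runs, because headers written after the
            // response has been committed are ignored by the container.
            // addHeader appends instead of replacing: if another component also sends a CSP,
            // the browser enforces every policy it receives, so the result can only be
            // stricter than this one, never looser.
            httpResponse.addHeader("Content-Security-Policy", POLICY);
        }
        chain.doFilter(request, response);
    }

    /**
     * No configuration is read: the policy is a compile-time constant.
     *
     * @param fConfig filter configuration supplied by the container, unused
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }
}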
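<!-- Use this web.xml registration when the server does not support Servlet 3.0,
     i.e. when the @WebFilter annotation on the class is not processed. -->
<filter>
    <display-name>CSPFilter</display-name>
    <filter-name>CSPFilter</filter-name>
    <filter-class>br.com.epapum.home.CSPFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CSPFilter</filter-name>
    <!-- Map the filter to every request, matching @WebFilter("/*") on the class.
         A pattern of /CSPFilter would add the header only to that single path and
         leave every other page of the application without a Content-Security-Policy. -->
    <url-pattern>/*</url-pattern>
</filter-mapping>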