- enum TYPE {none,self};
- // Note: Content-Security Params need to be worked out for GUI before activating.
- private final String xframe;//,csp;
-
- public XFrameFilter(TYPE type) {
- switch(type) {
- case self:
- xframe="SAMEORIGIN";
-// csp="default-src 'self'";
- break;
- case none:
- default:
- xframe="DENY";
-// csp="default-src 'none'";
- break;
-
- }
- }
-
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
- if(resp instanceof HttpServletResponse) {
- @SuppressWarnings("unused")
- HttpServletResponse hresp = (HttpServletResponse)resp;
- ((HttpServletResponse)resp).addHeader("X-Frame-Options", xframe);
-// ((HttpServletResponse)resp).addHeader("Content-Security-Policy",csp);
- }
- fc.doFilter(req, resp);
- }
+ enum TYPE {none,self};
+ // Note: Content-Security Params need to be worked out for GUI before activating.
+ private final String xframe;//,csp;