enum TYPE {none,self};
// Note: Content-Security Params need to be worked out for GUI before activating.
private final String xframe;//,csp;
-
+
public XFrameFilter(TYPE type) {
switch(type) {
case self:
xframe="DENY";
// csp="default-src 'none'";
break;
-
+
}
}
-
+
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
if (resp instanceof HttpServletResponse) {