import javax.servlet.http.HttpServletResponse;
public class XFrameFilter implements Filter {
- enum TYPE {none,self};
- // Note: Content-Security Params need to be worked out for GUI before activating.
- private final String xframe;//,csp;
-
- public XFrameFilter(TYPE type) {
- switch(type) {
- case self:
- xframe="SAMEORIGIN";
-// csp="default-src 'self'";
- break;
- case none:
- default:
- xframe="DENY";
-// csp="default-src 'none'";
- break;
-
- }
- }
-
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
- if(resp instanceof HttpServletResponse) {
- @SuppressWarnings("unused")
- HttpServletResponse hresp = (HttpServletResponse)resp;
- ((HttpServletResponse)resp).addHeader("X-Frame-Options", xframe);
-// ((HttpServletResponse)resp).addHeader("Content-Security-Policy",csp);
- }
- fc.doFilter(req, resp);
- }
+ enum TYPE {none,self};
+ // Note: Content-Security Params need to be worked out for GUI before activating.
+ private final String xframe;//,csp;
+
+ public XFrameFilter(TYPE type) {
+ switch(type) {
+ case self:
+ xframe="SAMEORIGIN";
+// csp="default-src 'self'";
+ break;
+ case none:
+ default:
+ xframe="DENY";
+// csp="default-src 'none'";
+ break;
+
+ }
+ }
+
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
+ if(resp instanceof HttpServletResponse) {
+ @SuppressWarnings("unused")
+ HttpServletResponse hresp = (HttpServletResponse)resp;
+ ((HttpServletResponse)resp).addHeader("X-Frame-Options", xframe);
+// ((HttpServletResponse)resp).addHeader("Content-Security-Policy",csp);
+ }
+ fc.doFilter(req, resp);
+ }
- @Override
- public void init(FilterConfig fc) throws ServletException {
- }
+ @Override
+ public void init(FilterConfig fc) throws ServletException {
+ }
- @Override
- public void destroy() {
- }
+ @Override
+ public void destroy() {
+ }
}
Code Review / aaf / authz.git / blobdiff