I looked at the Spring web site and want to protect my website from XSS and xframe attacks.
But my English is not good enough to figure out what to set.
Please guide me: what else should I set?
I just added a WebSecurityConfig.java
under src/com/test/web/security
Here is my code:

    package com.test.web.security;

    import org.springframework.context.annotation.ComponentScan;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    @Configuration
    @ComponentScan
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // ...
                .headers();
        }
    }

If you just specify the same code that you have above, Spring Security should automatically add all of the relevant security headers. Per the docs:
If you are using Spring Security’s Java configuration, all of the default security headers are added by default.
Also:
As soon as you specify any headers that should be included, then only those headers will be included.
See details and code samples in this section:
http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#default-security-headers
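
The caveat quoted in the answer, shown as an added example (not code from the original post or answer), written against the Spring Security 3.2.x Java configuration API that the link above documents. It assumes, purely for illustration, that the site needs `X-Frame-Options: SAMEORIGIN` instead of the default `DENY`; because naming one header turns the defaults off, every other header has to be listed again.

```java
package com.test.web.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers()
                // A bare .headers() emits all defaults. Once any header is named
                // here, only the named ones are written, so a config containing
                // just the frame-options line would silently drop the other four.
                .contentTypeOptions()          // X-Content-Type-Options: nosniff
                .xssProtection()               // X-XSS-Protection: 1; mode=block
                .cacheControl()                // Cache-Control, Pragma, Expires
                .httpStrictTransportSecurity() // Strict-Transport-Security (HTTPS requests only)
                // Assumption for this example: same-origin framing is required.
                // This replaces .frameOptions(), which would send DENY.
                .addHeaderWriter(
                    new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN));
    }
}
```

To confirm the result, request any page and check that the response carries all of the headers named in the comments, not only `X-Frame-Options`.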