Following the guide at http://docs.spring.io/spring-security/s ... ers-static, I set some headers (see the following code).
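Code:
    // Register the custom filter ahead of CsrfFilter and require authentication for every request
    http.addFilterBefore(filter, CsrfFilter.class)
        .authorizeRequests().anyRequest().authenticated().and()
        .addFilter(preAuthFilter())
        // Response headers: cache control and frame options
        .headers()
            .cacheControl().and()
            .frameOptions().and()
            // Content-Security-Policy plus the legacy prefixed header names used by older browsers
            .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "default-src 'self'"))
            .addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "default-src 'self'"))
            .addHeaderWriter(new StaticHeadersWriter("X-WebKit-CSP", "default-src 'self'"))
            // X-Frame-Options: SAMEORIGIN, followed by the X-XSS-Protection header
            .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN))
            .xssProtection();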
Thanks a lot!