Bael-4684-Prevent Cross-Site Scripting (XSS) in a Spring application-(new) (#10480)

* #bael-4684: add main source code

* #bael-4684: add test

* #bael-4684: add required dependencies
Hamid Reza Sharifi
2021-02-12 14:20:52 +03:30
committed by GitHub
parent 1c773ba6f2
commit 7d5be17ce2
10 changed files with 916 additions and 0 deletions


@@ -0,0 +1,25 @@
package com.baeldung.xss;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) {
// Ignoring here is only for this example. Normally people would apply their own authentication/authorization policies
web.ignoring().antMatchers("/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers()
.xssProtection()
.and()
.contentSecurityPolicy("script-src 'self'");
}
}
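Review bot: `web.ignoring().antMatchers("/**")` in `configure(WebSecurity)` takes every request out of the Spring Security filter chain, so the `xssProtection()` and `contentSecurityPolicy("script-src 'self'")` headers set in `configure(HttpSecurity)` are never written to any response. To keep the example open while still emitting the headers, drop the `WebSecurity` override and permit requests inside the chain instead, e.g. `http.authorizeRequests().anyRequest().permitAll().and().headers()...`. That leaves CSRF protection at its default (enabled), so the POST-based tests elsewhere in this commit, which are not visible here, may need a token or an explicit decision on CSRF. A short comment above the header block noting that `script-src 'self'` blocks inline and third-party scripts would also help readers.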