spring-boot-rest/spring-security-modules/spring-5-security/src/main/java/com/baeldung/xss/SecurityConf.java
Hamid Reza Sharifi 7d5be17ce2 Bael-4684-Prevent Cross-Site Scripting (XSS) in a Spring application-(new) (#10480)
* #bael-4684: add main source code

* #bael-4684: add test

* #bael-4684: add required dependencies
2021-02-12 10:50:52 +00:00


package com.baeldung.xss;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
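/**
 * Spring Security configuration for the XSS example.
 *
 * <p>Leaves every endpoint open to anonymous callers while still sending the
 * browser-side XSS mitigation headers ({@code X-XSS-Protection} and a
 * {@code Content-Security-Policy} restricting scripts to the page's own origin).
 *
 * <p>These headers are defence in depth only: they limit what an injected script
 * can do in the browser, but do not replace validating input and encoding output
 * on the server.
 */
@Configuration
public class SecurityConf extends WebSecurityConfigurerAdapter {

    /**
     * Deliberately registers no ignored request patterns.
     *
     * <p>A pattern passed to {@code web.ignoring()} is served with an empty filter
     * chain, so none of the settings made in {@link #configure(HttpSecurity)} would
     * apply to it, including the response headers this example exists to show.
     * Ignoring {@code "/**"} therefore switched the XSS headers off for the whole
     * application. Open access is granted with {@code permitAll()} instead.
     *
     * @param web the web security builder; left untouched
     */
    @Override
    public void configure(WebSecurity web) {
        // Intentionally empty: see the Javadoc above.
    }

    /**
     * Permits all requests and configures the XSS-related response headers.
     *
     * <p>Because requests now pass through the security filter chain, the other
     * Spring Security defaults (CSRF protection among them) are active as well;
     * clients sending state-changing requests must supply the CSRF token.
     * Real applications should replace {@code permitAll()} with their own
     * authentication and authorization rules.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Open access for the example, without bypassing the filter chain.
            .authorizeRequests()
                .anyRequest().permitAll()
                .and()
            .headers()
                // Legacy header; many current browsers no longer act on it.
                .xssProtection()
                .and()
                // Only scripts loaded from the application's own origin may run.
                .contentSecurityPolicy("script-src 'self'");
    }
}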