Set Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers

Rene Pfeuffer
2025-08-11 09:08:28 +02:00
committed by Florian Scholdei
parent 218f669f3d
commit 57f15f3ac4
2 changed files with 4 additions and 0 deletions


@@ -0,0 +1,2 @@
- type: fixed
description: Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers added to all responses


@@ -44,6 +44,8 @@ public class SecurityHeadersFilter extends HttpFilter {
if (contextProvider.getStage() != Stage.TESTING) {
response.setHeader("X-Frame-Options", "sameorigin");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Cross-Origin-Opener-Policy", "same-origin");
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
response.setHeader("Content-Security-Policy",
"form-action 'self'; " +
"object-src 'self'; " +
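Review bot: `Cross-Origin-Embedder-Policy: require-corp` is set unconditionally on every non-TESTING response by the two new `setHeader` calls, with no configuration switch or explanatory comment visible in the hunk. Under this policy the browser blocks cross-origin no-cors subresources (images, scripts, frames) that neither send a `Cross-Origin-Resource-Policy` header nor are loaded via CORS, so externally hosted avatars or plugin-loaded assets would presumably stop rendering. `Cross-Origin-Opener-Policy: same-origin` also severs `window.opener` for any popup-based login flow. Because the whole block is skipped when the stage is `Stage.TESTING`, such regressions would not surface on a test-stage instance, so it is worth verifying against a production-stage build and adding a comment such as `// COOP + COEP enable cross-origin isolation; external subresources must send CORP or be fetched with CORS`. The enclosing method and the Content-Security-Policy string continue outside the hunk, so whether a later opt-out exists cannot be seen here.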