Commit 4763a67d authored by Rustam Lotsmanenko (EPAM)'s avatar Rustam Lotsmanenko (EPAM)

added hsts and csp response headers

parent 79549e89
1 merge request!158HSTS and CSP not implemented properly(GONRG-4460)
Pipeline #106264 passed with warnings
package org.opengroup.osdu.unitservice.middleware;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import org.apache.http.HttpStatus;
import org.opengroup.osdu.core.common.http.ResponseHeadersFactory;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
@RequiredArgsConstructor
public class ResponseHeaderFilter implements Filter {
private static final String OPTIONS_STRING = "OPTIONS";
private final DpsHeaders dpsHeaders;
// defaults to * for any front-end, string must be comma-delimited if more than one domain
@Value("${ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS:*}")
String ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS;
private ResponseHeadersFactory responseHeadersFactory = new ResponseHeadersFactory();
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
this.dpsHeaders.addCorrelationIdIfMissing();
Map<String, String> responseHeaders = responseHeadersFactory.getResponseHeaders(ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS);
for (Map.Entry<String, String> header : responseHeaders.entrySet()) {
httpResponse.addHeader(header.getKey(), header.getValue());
}
httpResponse.addHeader(DpsHeaders.CORRELATION_ID, this.dpsHeaders.getCorrelationId());
if (httpRequest.getMethod().equalsIgnoreCase(OPTIONS_STRING)) {
httpResponse.setStatus(HttpStatus.SC_OK);
}
chain.doFilter(httpRequest, httpResponse);
}
@Override
public void destroy() {
}
}
\ No newline at end of file
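Review bot: In `doFilter`, the loop copies the factory's headers with `httpResponse.addHeader(...)`, which appends rather than replaces, so if another filter or the framework has already set the same header (for example `Strict-Transport-Security` or `Access-Control-Allow-Origin`) the response carries it twice; browsers reject a duplicated `Access-Control-Allow-Origin`, and two `Content-Security-Policy` headers are both enforced. Using `httpResponse.setHeader(header.getKey(), header.getValue());` would make this filter's values authoritative. The HSTS and CSP values themselves come from `ResponseHeadersFactory`, which is not visible on this page, so they cannot be checked here. Separately, the `@Value` default of `*` for `ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS` leaves CORS open to every origin unless the deployment overrides it; the comment above the field could state that production deployments should set an explicit origin list.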