|
@@ -35,9 +35,10 @@ public class InterfaceLimitFilter extends OncePerRequestFilter {
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
|
throws ServletException, IOException {
|
|
throws ServletException, IOException {
|
|
response.setHeader("Strict-Transport-Security", "max-age=63072000;includeSubDomains;preload");
|
|
response.setHeader("Strict-Transport-Security", "max-age=63072000;includeSubDomains;preload");
|
|
- response.addHeader("Content-Security-Policy","object-src 'self'");
|
|
|
|
- response.addHeader("X-Content-Type-Options","nosniff");
|
|
|
|
- response.addHeader("X-XSS-Protection","1; mode=block");
|
|
|
|
|
|
+ response.setHeader("Content-Security-Policy","script-src 'self';object-src 'self';default-src 'self'");
|
|
|
|
+ response.setHeader("X-Content-Type-Options","nosniff");
|
|
|
|
+ response.setHeader("X-XSS-Protection","1; mode=block");
|
|
|
|
+ response.setHeader("X-Frame-Options","SAMEORIGIN");
|
|
|
|
|
|
checkIp(request,response,filterChain);
|
|
checkIp(request,response,filterChain);
|
|
}
|
|
}
|
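Review bot: The new Content-Security-Policy value on the added line still allows `object-src 'self'` and has no `frame-ancestors` directive, so same-origin plugin content stays permitted and framing control rests only on the legacy `X-Frame-Options` header added below it. Since `default-src 'self'` already covers scripts, the policy could be `response.setHeader("Content-Security-Policy","default-src 'self';object-src 'none';frame-ancestors 'self';base-uri 'self'");`, assuming the application embeds no same-origin plugin content. The `X-XSS-Protection: 1; mode=block` line keeps a filter that current browsers have removed and that OWASP advises turning off, so `response.setHeader("X-XSS-Protection","0");` or dropping the header is the safer choice. Because `default-src 'self'` blocks inline scripts and styles, it is worth trialling the policy with `Content-Security-Policy-Report-Only` before enforcing it on every response from this filter.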