Repository: activemq Updated Branches: refs/heads/master 7eb25ec50 -> 186b5d0f3
https://issues.apache.org/jira/browse/AMQ-6113 Properly set the X-FRAME-OPTIONS header on web responses. Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/186b5d0f Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/186b5d0f Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/186b5d0f Branch: refs/heads/master Commit: 186b5d0f305ed63b23a1db712a933aa4896006cf Parents: 7eb25ec Author: Christopher L. Shannon (cshannon) <[email protected]> Authored: Fri Jan 29 21:05:35 2016 +0000 Committer: Christopher L. Shannon (cshannon) <[email protected]> Committed: Fri Jan 29 21:05:35 2016 +0000 ---------------------------------------------------------------------- .../src/main/webapp/WEB-INF/web.xml | 10 ++++ .../src/main/webapp/WEB-INF/web.xml | 9 ++++ .../activemq/web/XFrameOptionsFilter.java | 53 ++++++++++++++++++++ 3 files changed, 72 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-console/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/activemq-web-console/src/main/webapp/WEB-INF/web.xml b/activemq-web-console/src/main/webapp/WEB-INF/web.xml index 962713e..28a873c 100755 --- a/activemq-web-console/src/main/webapp/WEB-INF/web.xml +++ b/activemq-web-console/src/main/webapp/WEB-INF/web.xml 
@@ -25,6 +25,16 @@ Apache ActiveMQ Web Console </description> <display-name>ActiveMQ Console</display-name> + + <filter> + <filter-name>XFrameOptions</filter-name> + <filter-class>org.apache.activemq.web.XFrameOptionsFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>XFrameOptions</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <!-- Expose Spring POJOs to JSP . --> http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web-demo/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml index cd39366..39240d6 100755 --- a/activemq-web-demo/src/main/webapp/WEB-INF/web.xml +++ b/activemq-web-demo/src/main/webapp/WEB-INF/web.xml @@ -30,6 +30,15 @@ </context-param> <!-- filters --> + <filter> + <filter-name>XFrameOptions</filter-name> + <filter-class>org.apache.activemq.web.XFrameOptionsFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>XFrameOptions</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <filter> <filter-name>session</filter-name> <filter-class>org.apache.activemq.web.SessionFilter</filter-class> http://git-wip-us.apache.org/repos/asf/activemq/blob/186b5d0f/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java ---------------------------------------------------------------------- diff --git a/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java new file mode 100644 index 0000000..e78c79f --- /dev/null +++ b/activemq-web/src/main/java/org/apache/activemq/web/XFrameOptionsFilter.java 
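Review bot: The `<filter>`/`<filter-mapping>` pair added to the web-console web.xml has no comment, although the sections around it are introduced by banner comments. A line such as `<!-- Clickjacking protection: send X-Frame-Options: SAMEORIGIN on every response -->` above `<filter>` would tell operators why the filter must stay mapped to `/*`. The same applies to the identical block in the activemq-web-demo web.xml, where it sits under the generic `<!-- filters -->` heading. Only these two descriptors are changed here, so it is worth confirming that no other web application shipped with the broker still serves frameable pages.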
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.web;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Filter to set the header X-FRAME-OPTIONS on web responses
+ *
+ */
+public class XFrameOptionsFilter implements Filter {
+
+ private static String SAMEORIGIN = "SAMEORIGIN";
+
+ @Override
+ public void init(FilterConfig config) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletResponse servletResponse = (HttpServletResponse)response;
+ //Set all responses to SAMEORIGIN, can be switched to be configurable later if
+ //we need to conditionally set this
+ servletResponse.addHeader("X-FRAME-OPTIONS", SAMEORIGIN);
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
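Review bot: `servletResponse.addHeader("X-FRAME-OPTIONS", SAMEORIGIN)` in `doFilter` appends rather than replaces, so if the container or another filter also sets this header the response carries it twice. Some browser versions treat a repeated or comma-joined X-Frame-Options value as invalid and ignore it, which would silently remove the framing protection; `servletResponse.setHeader("X-FRAME-OPTIONS", SAMEORIGIN);` keeps a single value. The cast `(HttpServletResponse)response` is unchecked, so a guard such as `if (response instanceof HttpServletResponse)` around the header call avoids a ClassCastException if the filter is ever handed a non-HTTP response. The constant should be `private static final String SAMEORIGIN`. As defence in depth, consider also sending `Content-Security-Policy: frame-ancestors 'self'`, which current browsers prefer over X-Frame-Options.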
