------------------------------------------------------------
revno: 16352
committer: Lars Helge Overland <[email protected]>
branch nick: dhis2
timestamp: Fri 2014-08-08 15:04:42 +0200
message:
Spring security, setting X-Content-Type-Options: nosniff, X-Frame-Options:
DENY, X-XSS-Protection: 1; mode=block headers to prevent XSS attacks.
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-07-09 09:26:23 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-08-08 13:04:42 +0000
@@ -39,6 +39,12 @@
login-page="/dhis-web-commons/security/login.action"
authentication-success-handler-ref="defaultAuthenticationSuccessHandler" />
+ <sec:headers>
+ <sec:content-type-options />
+ <sec:frame-options />
+ <sec:xss-protection />
+ </sec:headers>
+
<sec:http-basic />
<sec:logout logout-url="/dhis-web-commons-security/logout.action" />
<sec:intercept-url pattern="/dhis-web-commons/i18nJavaScript.action" access="permitAll()" />
_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : [email protected]
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp
