Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add security headers #124

Closed
atomfrede opened this issue Jul 21, 2020 · 1 comment · Fixed by #125
Closed

Add security headers #124

atomfrede opened this issue Jul 21, 2020 · 1 comment · Fixed by #125
Assignees
@atomfrede
Labels
enhancement 💎 New feature or request

Comments

@atomfrede
Copy link
Member

Overview of the feature request

For the boot backend we set a bunch of headers (via spring security) to improve security (e.g. x-frame options). Currently we do not that here. We score F instead of A as we do for the boot backend. I guess the best way is to implement a custom filter (like the CorsFilter) and set the headers accordingly.

Motivation for or Use Case

Spring Boot

image

Micronaut
image
@atomfrede atomfrede added the enhancement 💎 New feature or request label Jul 21, 2020
@atomfrede
Copy link
Member Author

I guess the OncePerRequestFilter would be the way to go. Something like this?

@Filter
public class SecurityHeaderFilter extends OncePerRequestHttpServerFilter  {

    @Override
    protected Publisher<MutableHttpResponse<?>> doFilterOnce(HttpRequest<?> request, ServerFilterChain chain) {

        return Publishers.map(chain.proceed(request), mutableHttpResponse -> {
            mutableHttpResponse.header("X-Frame-Options", "DENY");
            return mutableHttpResponse;
        });
    }

}

@atomfrede atomfrede self-assigned this Jul 21, 2020
atomfrede added a commit to atomfrede/generator-jhipster-micronaut that referenced this issue Jul 21, 2020
@atomfrede
add security headers
60a0194 
close jhipster#124
@atomfrede atomfrede mentioned this issue Jul 21, 2020
Merged
atomfrede added a commit to atomfrede/generator-jhipster-micronaut that referenced this issue Jul 24, 2020
@atomfrede
make jar reference in procfile distinct
a490c43 
closes jhipster#124
@atomfrede atomfrede mentioned this issue Jul 24, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atomfrede atomfrede

Labels
enhancement 💎 New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add security headers atomfrede/generator-jhipster-micronaut
1 participant
@atomfrede