Spring Cloud SecureHeaders GatewayFilter Factory

Updated 2024-01-05 17:36

The SecureHeaders GatewayFilter factory adds a number of headers to the response, as recommended in this blog post.

The following headers (with their default values) are added:

  • X-Xss-Protection: 1; mode=block
  • Strict-Transport-Security: max-age=631138519
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: no-referrer
  • Content-Security-Policy: default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src https:; style-src 'self' https: 'unsafe-inline'
  • X-Download-Options: noopen
  • X-Permitted-Cross-Domain-Policies: none

To change the default values, set the appropriate property in the spring.cloud.gateway.filter.secure-headers namespace.

The following properties can be changed:

  • xss-protection-header
  • strict-transport-security
  • frame-options
  • content-type-options
  • referrer-policy
  • content-security-policy
  • download-options
  • permitted-cross-domain-policies

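To disable the default values, set the property spring.cloud.gateway.filter.secure-headers.disable with comma-separated values.

The lowercase full name of the security header must be used.

The following values can be used: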

  • x-xss-protection
  • strict-transport-security
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • content-security-policy
  • x-download-options
  • x-permitted-cross-domain-policies

Example: spring.cloud.gateway.filter.secure-headers.disable=x-frame-options,strict-transport-security
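One way to check a gateway's responses against the defaults and the disable list described above, as an added example (not Spring Cloud Gateway code). The function names, the finding strings and the sample response are constructed for illustration, and the checker itself treats any disable name outside the page's list as an error.

```python
# Defaults exactly as listed on this page: property key -> (header, default).
SECURE_HEADERS = {
    "xss-protection-header": ("x-xss-protection", "1; mode=block"),
    "strict-transport-security": ("strict-transport-security", "max-age=631138519"),
    "frame-options": ("x-frame-options", "DENY"),
    "content-type-options": ("x-content-type-options", "nosniff"),
    "referrer-policy": ("referrer-policy", "no-referrer"),
    "content-security-policy": ("content-security-policy",
        "default-src 'self' https:; font-src 'self' https: data:; "
        "img-src 'self' https: data:; object-src 'none'; "
        "script-src https:; style-src 'self' https: 'unsafe-inline'"),
    "download-options": ("x-download-options", "noopen"),
    "permitted-cross-domain-policies": ("x-permitted-cross-domain-policies", "none"),
}
HEADER_NAMES = {header for header, _ in SECURE_HEADERS.values()}

def parse_disable(value):
    """Split the comma-separated disable value; reject names not in the page's list."""
    names = {n.strip() for n in value.split(",") if n.strip()}
    unknown = sorted(names - HEADER_NAMES)
    if unknown:
        raise ValueError(f"not a lowercase full header name: {unknown}")
    return names

def audit(response_headers, disable="", overrides=None):
    """Return {header: finding} for a captured response (dict of name -> value).
    overrides is keyed by property name, e.g. {"frame-options": "SAMEORIGIN"}."""
    disabled = parse_disable(disable)
    got = {k.lower(): v.strip() for k, v in response_headers.items()}
    findings = {}
    for prop, (header, default) in SECURE_HEADERS.items():
        want = (overrides or {}).get(prop, default)
        if header in disabled:
            if header in got:  # may have been set by the downstream service
                findings[header] = "present although disabled in the filter"
        elif header not in got:
            findings[header] = "missing"
        elif got[header] != want:
            findings[header] = f"expected {want!r}, got {got[header]!r}"
    return findings

# Constructed sample response, audited with the disable value from the example above.
SAMPLE = {"X-Xss-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff",
          "Referrer-Policy": "no-referrer", "X-Download-Options": "noopen",
          "X-Permitted-Cross-Domain-Policies": "none", "X-Frame-Options": "SAMEORIGIN"}

if __name__ == "__main__":
    for header, finding in audit(SAMPLE, "x-frame-options,strict-transport-security").items():
        print(f"{header}: {finding}")
```

Passing a property-style name such as frame-options, or a mixed-case name such as X-Frame-Options, as a disable value raises ValueError here, which catches the two easiest mistakes when writing the disable list.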

