| 提交 | 用户 | 时间 | ||
| e7c126 | 1 | /* |
| H | 2 | * Copyright 1999-2018 Alibaba Group Holding Ltd. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 5 | * you may not use this file except in compliance with the License. | |
| 6 | * You may obtain a copy of the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 13 | * See the License for the specific language governing permissions and | |
| 14 | * limitations under the License. | |
| 15 | */ | |
| 16 | ||
| 17 | package com.alibaba.nacos.console.filter; | |
| 18 | ||
| 19 | import org.springframework.web.filter.OncePerRequestFilter; | |
| 20 | ||
| 21 | import javax.servlet.FilterChain; | |
| 22 | import javax.servlet.ServletException; | |
| 23 | import javax.servlet.http.HttpServletRequest; | |
| 24 | import javax.servlet.http.HttpServletResponse; | |
| 25 | import java.io.IOException; | |
| 26 | ||
| 27 | /** | |
| 28 | * XSS filter. | |
| 29 | * @author onewe | |
| 30 | */ | |
| 31 | public class XssFilter extends OncePerRequestFilter { | |
| 32 | ||
| 33 | private static final String CONTENT_SECURITY_POLICY_HEADER = "Content-Security-Policy"; | |
| 34 | ||
| 35 | private static final String CONTENT_SECURITY_POLICY = "script-src 'self'"; | |
| 36 | ||
| 37 | @Override | |
| 38 | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) | |
| 39 | throws ServletException, IOException { | |
| 40 | ||
| 41 | response.setHeader(CONTENT_SECURITY_POLICY_HEADER, CONTENT_SECURITY_POLICY); | |
| 42 | filterChain.doFilter(request, response); | |
| 43 | } | |
| 44 | } | |
