added same origin x-frame-options header security config (#1207)
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
This commit is contained in:
@@ -653,7 +653,9 @@ public class SecurityManagedConfiguration {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Overwriting VaadinAuthenticationSuccessHandler of default VaadinSharedSecurityConfiguration
|
* Overwriting VaadinAuthenticationSuccessHandler of default
|
||||||
|
* VaadinSharedSecurityConfiguration
|
||||||
|
*
|
||||||
* @return the vaadin success authentication handler
|
* @return the vaadin success authentication handler
|
||||||
*/
|
*/
|
||||||
@Primary
|
@Primary
|
||||||
@@ -696,6 +698,9 @@ public class SecurityManagedConfiguration {
|
|||||||
}
|
}
|
||||||
// disable as CSRF is handled by Vaadin
|
// disable as CSRF is handled by Vaadin
|
||||||
httpSec.csrf().disable();
|
httpSec.csrf().disable();
|
||||||
|
// allow same origin X-Frame-Options for correct file download under
|
||||||
|
// Safari
|
||||||
|
httpSec.headers().frameOptions().sameOrigin();
|
||||||
|
|
||||||
if (hawkbitSecurityProperties.isRequireSsl()) {
|
if (hawkbitSecurityProperties.isRequireSsl()) {
|
||||||
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
|
||||||
@@ -762,7 +767,7 @@ public class SecurityManagedConfiguration {
|
|||||||
return new FirewalledRequest(request) {
|
return new FirewalledRequest(request) {
|
||||||
@Override
|
@Override
|
||||||
public void reset() {
|
public void reset() {
|
||||||
//nothing to do
|
// nothing to do
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user