
Commit 3d11a7c

authored
implement securityheadersfilter to harden http responses (#91)
* Add SecurityHeadersFilter for hardened HTTP responses * Add SecurityHeadersFilter for hardened HTTP responses * Changed X-XSS-Protection value to the recommended 0 * Address code review feedback from CodeRabbit * Add @Global annotation to SecurityHeadersFilter for automatic registration * Removed a line of code in App.java
1 parent eede595 commit 3d11a7c


2 files changed

+36
-6
lines changed


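--- a/src/main/java/org/juv25d/App.java
+++ b/src/main/java/org/juv25d/App.java
@@ -1,16 +1,13 @@
 package org.juv25d;
 
-import org.juv25d.filter.IpFilter;
-import org.juv25d.filter.LoggingFilter;
-import org.juv25d.filter.RateLimitingFilter;
+import org.juv25d.filter.*;
 import org.juv25d.logging.ServerLogging;
 import org.juv25d.http.HttpParser;
 import org.juv25d.plugin.NotFoundPlugin; // New import
 import org.juv25d.plugin.StaticFilesPlugin;
 import org.juv25d.router.SimpleRouter; // New import
 import org.juv25d.util.ConfigLoader;
-import org.juv25d.filter.RedirectFilter;
-import org.juv25d.filter.RedirectRule;
+
 import java.util.List;
 
 import java.util.Set;
@@ -23,6 +20,9 @@ public static void main(String[] args) {
         HttpParser httpParser = new HttpParser();
 
         Pipeline pipeline = new Pipeline();
+
+        pipeline.addGlobalFilter(new SecurityHeadersFilter(), 0);
+
         // Configure redirect rules
         List<RedirectRule> redirectRules = List.of(
                 new RedirectRule("/old-page", "/new-page", 301),
@@ -31,7 +31,6 @@ public static void main(String[] args) {
         );
         pipeline.addGlobalFilter(new RedirectFilter(redirectRules), 0);
 
-
         // IP filter is enabled but configured with open access during development
         // White/blacklist can be tightened when specific IP restrictions are decided
         pipeline.addGlobalFilter(new IpFilter(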
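Review bot: The new `pipeline.addGlobalFilter(new SecurityHeadersFilter(), 0);` uses the same order value as `pipeline.addGlobalFilter(new RedirectFilter(redirectRules), 0);` a few lines below, so which of the two runs first depends on how Pipeline breaks ties, which is not visible on this page; if RedirectFilter runs first and answers a redirect without calling the chain, those 3xx responses leave without any of the security headers. Give SecurityHeadersFilter an order value that Pipeline is guaranteed to run before every filter that can short-circuit, and record the intent next to the call, e.g. `// must run before any filter that may end the chain early, so every response is hardened`. The commit message also says the `@Global` annotation registers the filter automatically; if Pipeline honours that annotation, this explicit registration would invoke the filter twice per request, which is worth confirming. The wildcard `import org.juv25d.filter.*;` replacing five explicit imports hides which filters App depends on; the rest of this import block still lists classes explicitly. The body of `main` starts and ends outside these hunks.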
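--- /dev/null
+++ b/src/main/java/org/juv25d/filter/SecurityHeadersFilter.java
@@ -0,0 +1,31 @@
+
+package org.juv25d.filter;
+
+import org.juv25d.filter.annotation.Global;
+import org.juv25d.http.HttpRequest;
+import org.juv25d.http.HttpResponse;
+import java.io.IOException;
+
+/**
+ * Filter that adds security headers to every HTTP response.
+ * This helps protect against attacks such as Clickjacking and MIME sniffing.
+ */
+@Global(order = 0)
+public class SecurityHeadersFilter implements Filter {
+
+    @Override
+    public void doFilter(HttpRequest req, HttpResponse res, FilterChain chain) throws IOException {
+        try {
+            chain.doFilter(req, res);
+        } finally {
+
+            res.setHeader("X-Content-Type-Options", "nosniff");
+            res.setHeader("X-Frame-Options", "DENY");
+            res.setHeader("X-XSS-Protection", "0");
+            res.setHeader("Referrer-Policy", "no-referrer");
+
+        }
+    }
+}
+
+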
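Review bot: `doFilter` sets the four headers in the `finally` block, i.e. only after `chain.doFilter(req, res)` has returned; if a downstream plugin has by then started writing the response body, the headers are set too late to be transmitted, and the response goes out without them (how `HttpResponse.setHeader` behaves on a response that is already being written is not visible here, so this needs checking against HttpResponse). Moving the four `res.setHeader(...)` calls ahead of `chain.doFilter(req, res);` guarantees they are in place before any body bytes, and the `finally` can then be dropped unless a downstream handler is expected to overwrite them. The class Javadoc should also explain the non-obvious value, e.g. `* X-XSS-Protection is set to 0 to disable the legacy browser XSS auditor, which is deprecated and can itself be abused; Content-Security-Policy is the supported replacement.` Since modern browsers prefer `Content-Security-Policy: frame-ancestors 'none'` over `X-Frame-Options: DENY`, consider emitting both for the clickjacking protection the Javadoc promises.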