HTTP Header Security

Yellowfin FAQ shared this problem 4 months ago
Resolved


As of 8.0.1, we have implemented a servlet that enables adding OWASP Secure Headers to all HTTP responses.

For a full list of these, please view this post.

Here's an example of enabling a Referrer-Policy header using a code snippet in the <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml file:

    <filter>
        <filter-name>OWASPSecureHeaders</filter-name>
        <filter-class>com.hof.servlet.OWASPSecureHeaders</filter-class>
        <init-param>
            <param-name>Referrer-Policy</param-name>
            <param-value>no-referrer</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>OWASPSecureHeaders</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Any of the headers can be added via <init-param> name/value blocks. The value is passed through exactly as written; there is no attempt to validate whether the values are correct. Valid values can be found on the OWASP Secure Headers page.

If you encounter specific issues, please contact Support.
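
Because the filter passes values through unvalidated, a typo in web.xml is sent to browsers as a header they will ignore. The following added example (not Yellowfin's code) parses a web.xml and checks the filter's init-param values for three headers against their permitted values. The sample XML is constructed, and the use of X-Frame-Options and X-Content-Type-Options as parameter names is an assumption; only Referrer-Policy appears in the post.

```python
import xml.etree.ElementTree as ET

# Permitted values, compared case-insensitively. Only these three headers are
# checked (an assumption of this example); other names are reported "unchecked".
ALLOWED = {
    "referrer-policy": {
        "no-referrer", "no-referrer-when-downgrade", "origin",
        "origin-when-cross-origin", "same-origin", "strict-origin",
        "strict-origin-when-cross-origin", "unsafe-url"},
    "x-content-type-options": {"nosniff"},
    "x-frame-options": {"deny", "sameorigin"},
}
FILTER_CLASS = "com.hof.servlet.OWASPSecureHeaders"  # class name from the post

# Constructed sample: the Referrer-Policy value is misspelled on purpose.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>OWASPSecureHeaders</filter-name>
    <filter-class>com.hof.servlet.OWASPSecureHeaders</filter-class>
    <init-param><param-name>Referrer-Policy</param-name><param-value>no-referer</param-value></init-param>
    <init-param><param-name>X-Frame-Options</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a '{namespace}' prefix if present

def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_web_xml(xml_text):
    """Return [(header, value, verdict)] for the secure-headers filter."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "filter" or child_text(elem, "filter-class") != FILTER_CLASS:
            continue
        for param in (c for c in elem if local(c.tag) == "init-param"):
            name = child_text(param, "param-name") or ""
            value = child_text(param, "param-value") or ""
            allowed = ALLOWED.get(name.lower())
            if allowed is None:
                verdict = "unchecked"
            else:
                # Referrer-Policy may list comma-separated fallback policies.
                tokens = value.split(",") if name.lower() == "referrer-policy" else [value]
                verdict = "ok" if all(t.strip().lower() in allowed for t in tokens) else "invalid"
            results.append((name, value, verdict))
    return results
```

Running `check_web_xml` over the real file before restarting the application server catches misspelled values that the servlet itself would not reject.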
