HTTP Header Security

Yellowfin FAQ shared this problem 5 years ago
Resolved

Replies (1)

As of 8.0.1, we have implemented a servlet that enables the adding of OWASP Secure headers to all HTTP responses.

For a full list of these, please view this post.

Here's an example of enabling a Referrer-Policy header using a code snippet in the <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml file:

    <filter>
        <filter-name>OWASPSecureHeaders</filter-name>
        <filter-class>com.hof.servlet.OWASPSecureHeaders</filter-class>
        <init-param>
            <param-name>Referrer-Policy</param-name>
            <param-value>no-referrer</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>OWASPSecureHeaders</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Any of the headers can be added via <init-param> name/value blocks. The value is passed through exactly as written. There's no attempt to validate if the values are correct. Valid values can be found on the OWASP Secure Headers page.

If you encounter specific issues please contact Support.
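Because the filter passes each value through unvalidated, a typo in web.xml is sent to browsers exactly as written. The following is an added example, not part of the original reply or Yellowfin's own code: a Python lint for the `OWASPSecureHeaders` init-param values. The allow-list covers an assumed subset of headers, and `lint_web_xml`, `CHECKS` and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FILTER_CLASS = "com.hof.servlet.OWASPSecureHeaders"  # class name from the post
REFERRER = {"no-referrer", "no-referrer-when-downgrade", "origin",
            "origin-when-cross-origin", "same-origin", "strict-origin",
            "strict-origin-when-cross-origin", "unsafe-url"}
HSTS = re.compile(r"max-age=\d+(\s*;\s*includesubdomains)?(\s*;\s*preload)?")
# Assumed subset: only headers with a small closed grammar; values are lower-cased first.
CHECKS = {
    "referrer-policy": lambda v: all(t.strip() in REFERRER for t in v.split(",")),
    "x-content-type-options": lambda v: v == "nosniff",
    "x-frame-options": lambda v: v in {"deny", "sameorigin"},
    "strict-transport-security": lambda v: HSTS.fullmatch(v) is not None,
}

def local(tag):
    # Strip an XML namespace, e.g. '{http://...}filter' -> 'filter'.
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or ''."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), "")

def lint_web_xml(xml_text):
    """Return (header, value, problem) for each suspect init-param."""
    findings = []
    for flt in ET.fromstring(xml_text).iter():
        if local(flt.tag) != "filter" or child_text(flt, "filter-class") != FILTER_CLASS:
            continue
        for p in (e for e in flt if local(e.tag) == "init-param"):
            name, value = child_text(p, "param-name"), child_text(p, "param-value")
            check = CHECKS.get(name.lower())
            if check is None:
                findings.append((name, value, "not covered by this check"))
            elif not check(value.lower()):
                findings.append((name, value, "unrecognised value"))
    return findings

# Constructed sample, not a real Yellowfin web.xml: two values carry typos.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><filter>
<filter-name>OWASPSecureHeaders</filter-name>
<filter-class>com.hof.servlet.OWASPSecureHeaders</filter-class>
<init-param><param-name>Referrer-Policy</param-name><param-value>no-referer</param-value></init-param>
<init-param><param-name>X-Frame-Options</param-name><param-value>SAMEORIGIN</param-value></init-param>
<init-param><param-name>X-Content-Type-Options</param-name><param-value>no-sniff</param-value></init-param>
<init-param><param-name>Strict-Transport-Security</param-name><param-value>max-age=31536000; includeSubDomains</param-value></init-param>
</filter></web-app>"""
```

Headers outside the assumed subset are reported as "not covered by this check" rather than passed silently, so they still get a manual review against the OWASP Secure Headers page.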
