Extension point responseHeaders
Documentation
Define headers to apply to the HTTP response.
-header - name: name of the header. - enabled: flag to enable/disable a header (default value is true)
Example of a response header Registration:
<header enabled="true" name="WWW-Authenticate">basic</header>
@since 6.0
Contribution Descriptors
- Class: org.nuxeo.ecm.platform.web.common.requestcontroller.service.NuxeoHeaderDescriptor
Existing Contributions
Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.
-
<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService"> <header name="X-UA-Compatible">IE=10; IE=11</header> <header name="Cache-Control">no-cache, no-store, must-revalidate</header> <header name="X-Content-Type-Options">nosniff</header> <header name="X-XSS-Protection">1; mode=block</header> <header name="X-Frame-Options">SAMEORIGIN</header> <!-- this is a permissive Content-Security-Policy, which should be overridden for more security --> <header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header> </extension>