Platform Explorer / Nuxeo Platform LTS 2017 9.10

Extension point responseHeaders

Documentation

Define headers to apply to the HTTP response.

-header - name: name of the header. - enabled: flag to enable/disable a header (default value is true)

Example of a response header Registration:

    <header enabled="true" name="WWW-Authenticate">basic</header>

@since 6.0

Contribution Descriptors

  • Class: org.nuxeo.ecm.platform.web.common.requestcontroller.service.NuxeoHeaderDescriptor

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-platform-web-common-9.10.jar /OSGI-INF/web-request-controller-contrib.xml
    <extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
        <header name="X-UA-Compatible">IE=10; IE=11</header>
        <header name="Cache-Control">no-cache, no-store, must-revalidate</header>
        <header name="X-Content-Type-Options">nosniff</header>
        <header name="X-XSS-Protection">1; mode=block</header>
        <header name="X-Frame-Options">SAMEORIGIN</header>
        <!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
        <header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
      </extension>