Contribution org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--responseHeaders
In component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
inside nuxeo-platform-web-common-2021.51.1.jar /OSGI-INF/web-request-controller-contrib.xml
You can influence this order by adding "require" tags in the containing component declaration, to make sure it is resolved after another component (see "Resolution Order" on components).
This contribution is part of XML component Extension Point
Extension point responseHeaders of component RequestControllerService.Registration Order
0
The registration order represents the order in which this contribution was registered on its target extention
point.
This will impact the override/merge behaviour when it is implemented on the target service, and is useful for
proper customization of existing contributions.
You can influence this order by adding "require" tags in the containing component declaration, to make sure it is resolved after another component (see "Resolution Order" on components).
Contributed Items
XML Source
<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
<header name="X-UA-Compatible">IE=10; IE=11</header>
<header name="Cache-Control">no-cache</header>
<header name="X-Content-Type-Options">nosniff</header>
<header name="X-XSS-Protection">1; mode=block</header>
<header name="X-Frame-Options">SAMEORIGIN</header>
<header name="Referrer-Policy">strict-origin-when-cross-origin</header>
<!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
<header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
</extension>