Platform Explorer / Nuxeo Platform LTS 2016 8.10

Extension point responseHeaders

Define headers to apply to the HTTP response.

-header - name: name of the header. - enabled: flag to enable/disable a header (default value is true)

Example of a response header Registration:

    <header enabled="true" name="WWW-Authenticate">basic</header>

@since 6.0

Contribution Descriptor

Existing Contributions

  • nuxeo-platform-web-common-8.10.jar /OSGI-INF/web-request-controller-contrib.xml
    <extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
        <header name="X-UA-Compatible">IE=10; IE=11</header>
        <header name="Cache-Control">no-cache</header>
        <header name="X-Content-Type-Options">nosniff</header>
        <header name="X-XSS-Protection">1; mode=block</header>
        <header name="X-Frame-Options">SAMEORIGIN</header>
        <!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
        <header name="Content-Security-Policy">default-src *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
      </extension>