Contribution org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--responseHeaders
In component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
inside nuxeo-platform-web-common-9.10.jar /OSGI-INF/web-request-controller-contrib.xml
This contribution is part of XML component Extension Point
Extension point responseHeaders of component RequestControllerService.Contributed Items
XML Source
<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
<header name="X-UA-Compatible">IE=10; IE=11</header>
<header name="Cache-Control">no-cache, no-store, must-revalidate</header>
<header name="X-Content-Type-Options">nosniff</header>
<header name="X-XSS-Protection">1; mode=block</header>
<header name="X-Frame-Options">SAMEORIGIN</header>
<!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
<header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
</extension>