Platform Explorer / Nuxeo Platform 9.2

Contribution org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--responseHeaders

This contribution is part of XML component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib inside nuxeo-platform-web-common-9.2.jar /OSGI-INF/web-request-controller-contrib.xml

Extension Point

Extension point responseHeaders of component RequestControllerService.

Contributed Items

  • <header name="X-UA-Compatible">IE=10; IE=11</header>
  • <header name="Cache-Control">no-cache</header>
  • <header name="X-Content-Type-Options">nosniff</header>
  • <header name="X-XSS-Protection">1; mode=block</header>
  • <header name="X-Frame-Options">SAMEORIGIN</header>
  • <header name="Content-Security-Policy">default-src * blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>

XML Source

<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">SAMEORIGIN</header>
    <!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
    <header name="Content-Security-Policy">default-src * blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
</extension>
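
The XML comment in the source above calls the contributed Content-Security-Policy permissive. The following added example (not part of Nuxeo or of this page) parses the contribution and lists which directives are weakened, including fetch directives that are not listed and therefore inherit the wildcard from default-src. The `RISKY` rule set, the `FALLBACK` list and the function names are this example's own choices.

```python
import xml.etree.ElementTree as ET

# The contribution listed on this page, embedded as sample input (XML comment omitted).
CONTRIB = """<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">SAMEORIGIN</header>
    <header name="Content-Security-Policy">default-src * blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
</extension>"""

# Sources this audit treats as weakening (example's own rule set); data: is flagged only in script-src.
RISKY = {"*": "any origin allowed", "'unsafe-inline'": "inline code allowed",
         "'unsafe-eval'": "eval() allowed", "data:": "data: URIs allowed"}
# Fetch directives that use default-src when they are not listed explicitly.
FALLBACK = ("script-src", "style-src", "img-src", "object-src", "connect-src")

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # duplicates: first wins
    return policy

def audit(contrib_xml):
    """Return (directive, source, reason) findings for the contributed CSP header."""
    root = ET.fromstring(contrib_xml)
    csp = next((h.text or "" for h in root.iter("header")
                if h.get("name", "").lower() == "content-security-policy"), None)
    if csp is None:
        return [("(none)", "", "no Content-Security-Policy header contributed")]
    policy, findings = parse_csp(csp), []
    for directive in sorted(set(policy) | set(FALLBACK)):
        inherited = directive not in policy
        if inherited and "default-src" not in policy:
            findings.append((directive, "", "unrestricted: no default-src fallback"))
            continue
        for src in policy.get(directive, policy.get("default-src", [])):
            if src in RISKY and (src != "data:" or directive == "script-src"):
                note = RISKY[src] + (" (inherited from default-src)" if inherited else "")
                findings.append((directive, src, note))
    return findings

if __name__ == "__main__":
    for directive, src, note in audit(CONTRIB):
        print(f"{directive:12} {src:16} {note}")
```

Running the same `audit` over an overriding contribution shows whether the replacement policy still carries any of these sources.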