The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'.
This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
Asked Aug 27, 2018 by vinis, edited Aug 28, 2018.
1 Answer
Include Spring Security in your build (build.gradle):
compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.1.4.RELEASE'
Or pom.xml:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.1.2.RELEASE</version>
</dependency>
ref: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security/2.1.2.RELEASE
Add the Java code below.
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Spring Security's default response headers (X-Content-Type-Options,
        // X-Frame-Options, X-XSS-Protection, Cache-Control, Pragma, Expires)
        // are applied as soon as the starter is on the classpath; nothing
        // header-specific has to be configured here.
        // Note: this line switches off CSRF protection for every endpoint,
        // which is only appropriate for a stateless, token-authenticated API
        // that does not rely on cookie sessions.
        http.csrf().disable();
    }
}
Before:
Content-Type →application/json;charset=UTF-8
Date →Wed, 15 May 2019 19:05:00 GMT
X-Auth-Token →5178dc4e-eac5-40be-9ded-dcfa85c644b6
X-B3-Spanid →3d9a5b2fd21b075c
X-B3-Traceid →3d9a5b2fd21b075c
X-Vcap-Request-Id →4988b251-c2c5-4c5f-558b-ed6bce724e1f
Content-Length →992
After:
X-B3-TraceId →51e54c950ae24fa1
X-B3-SpanId →51e54c950ae24fa1
X-Content-Type-Options →nosniff
X-XSS-Protection →1; mode=block
Cache-Control →no-cache, no-store, max-age=0, must-revalidate
Pragma →no-cache
Expires →0
X-Frame-Options →DENY
x-auth-token →92195048-341d-48a7-93a6-f6f0446f3f0c
Content-Type →application/json;charset=UTF-8
Transfer-Encoding →chunked
Date →Fri, 17 May 2019 15:50:59 GMT
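To confirm the fix without re-running a scanner, here is an added example (not code from the question or the answer) that parses header dumps like the Before/After listings above and reports whether X-Content-Type-Options: nosniff and the other Spring Security default headers are present. The two sample dumps are copied from the listings; the expected-header table, the parser and the function names are this example's own assumptions. Header names are compared case-insensitively, which matters here because the same X-Auth-Token header appears with different casing in the two dumps.

```python
"""Check an HTTP response header dump for Spring Security's default headers.

Added example; not code from the question or the answer. It parses header
dumps in the "Name →value" form shown in the Before/After listings (Postman
style) as well as raw "Name: value" lines, and reports whether
X-Content-Type-Options: nosniff and the other default headers are present.
Header names are compared case-insensitively, as HTTP requires (note
"X-Auth-Token" in the Before dump versus "x-auth-token" in the After dump).
"""
from typing import Dict, List

# Headers that Spring Security adds by default, with the values visible in
# the After dump above. The table is this example's assumption, not a spec.
EXPECTED_SECURITY_HEADERS: Dict[str, str] = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
    "pragma": "no-cache",
    "expires": "0",
}

# Constructed sample input: the Before and After header listings from the answer.
BEFORE_DUMP = """
Content-Type →application/json;charset=UTF-8
Date →Wed, 15 May 2019 19:05:00 GMT
X-Auth-Token →5178dc4e-eac5-40be-9ded-dcfa85c644b6
X-B3-Spanid →3d9a5b2fd21b075c
X-B3-Traceid →3d9a5b2fd21b075c
X-Vcap-Request-Id →4988b251-c2c5-4c5f-558b-ed6bce724e1f
Content-Length →992
"""

AFTER_DUMP = """
X-B3-TraceId →51e54c950ae24fa1
X-B3-SpanId →51e54c950ae24fa1
X-Content-Type-Options →nosniff
X-XSS-Protection →1; mode=block
Cache-Control →no-cache, no-store, max-age=0, must-revalidate
Pragma →no-cache
Expires →0
X-Frame-Options →DENY
x-auth-token →92195048-341d-48a7-93a6-f6f0446f3f0c
Content-Type →application/json;charset=UTF-8
Transfer-Encoding →chunked
Date →Fri, 17 May 2019 15:50:59 GMT
"""


def parse_header_dump(dump: str) -> Dict[str, str]:
    """Parse 'Name →value' or 'Name: value' lines into a dict keyed by the
    lower-cased header name. Lines without a separator (status line, blank
    lines) and lines with an empty value (e.g. a 'Before:' label) are skipped."""
    headers: Dict[str, str] = {}
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Postman renders headers with an arrow; raw HTTP uses a colon.
        # The arrow is checked first because header values may contain colons.
        sep = "→" if "→" in line else ":"
        name, found, value = line.partition(sep)
        if not found or not value.strip():
            continue
        headers[name.strip().lower()] = value.strip()
    return headers


def has_nosniff(headers: Dict[str, str]) -> bool:
    """True only if X-Content-Type-Options is present with the value 'nosniff'."""
    return headers.get("x-content-type-options", "").lower() == "nosniff"


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return expected header names that are absent or carry a different value."""
    return [
        name
        for name, expected in EXPECTED_SECURITY_HEADERS.items()
        if headers.get(name, "").lower() != expected.lower()
    ]


if __name__ == "__main__":
    for label, dump in (("Before", BEFORE_DUMP), ("After", AFTER_DUMP)):
        parsed = parse_header_dump(dump)
        print(f"{label}: nosniff={'yes' if has_nosniff(parsed) else 'no'}, "
              f"missing={missing_security_headers(parsed)}")
```

Run against the Before dump it reports all six headers missing; against the After dump it reports none. Pasting the raw output of a curl -i call works as well, since the parser accepts "Name: value" lines and skips the status line.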