List of usage examples for com.google.common.net HttpHeaders X_CONTENT_TYPE_OPTIONS
String X_CONTENT_TYPE_OPTIONS
From source file:keywhiz.service.filters.SecurityHeadersFilter.java
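/**
 * Adds browser-hardening response headers, then hands the request on to the rest of the chain.
 *
 * <p>Headers are written only when {@code response} is an {@link HttpServletResponse}; the chain
 * is invoked in every case. {@code addHeader} appends rather than replaces, so a header that an
 * earlier filter already set will be sent twice.
 *
 * @param request the incoming request, passed through untouched
 * @param response the response that receives the security headers
 * @param chain the remaining filter chain
 * @throws IOException if a downstream filter or servlet fails with an I/O error
 * @throws ServletException if a downstream filter or servlet fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  if (response instanceof HttpServletResponse) {
    HttpServletResponse r = (HttpServletResponse) response;

    // Defense against XSS. The policy is sent under the standard header name as well as the
    // legacy X- prefixed one: current browsers only honour "Content-Security-Policy", and with
    // X-XSS-Protection switched off below, the CSP is the control this filter relies on.
    r.addHeader("Content-Security-Policy", "default-src 'self'");
    r.addHeader("X-Content-Security-Policy", "default-src 'self'");
    r.addHeader(HttpHeaders.X_XSS_PROTECTION, "0"); // With CSP, we don't need crazy magic

    // Stop browsers from MIME-sniffing a response into a different content type.
    r.addHeader(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff");

    // Protection against click jacking: refuse to be rendered inside any frame.
    r.addHeader("Frame-Options", "DENY"); // Who uses this?
    r.addHeader(HttpHeaders.X_FRAME_OPTIONS, "DENY");

    // https-all-the-time. Browsers act on this header only when it arrives over HTTPS.
    // YEAR_OF_SECONDS is declared elsewhere in the class.
    r.addHeader(
        HttpHeaders.STRICT_TRANSPORT_SECURITY,
        format("max-age=%d; includeSubDomains", YEAR_OF_SECONDS));
  }

  chain.doFilter(request, response);
}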
From source file:io.airlift.jaxrs.JsonMapper.java
/**
 * Writes {@code value} to {@code outputStream} as UTF-8 JSON, followed by a newline.
 *
 * <p>Adds {@code X-Content-Type-Options: nosniff} to the response headers, installs
 * {@code HTMLCharacterEscapes.INSTANCE} on the mapper's JSON factory, and leaves the
 * underlying stream open. When a JSONP function name is available the value is wrapped
 * in a {@code JSONPObject} before being written.
 *
 * @param value the object to serialize
 * @param type unused here
 * @param genericType the declared type; used as root type only when it is not a plain {@code Class}
 * @param annotations unused here
 * @param mediaType unused here
 * @param httpHeaders mutable response headers; receives the nosniff header
 * @param outputStream destination stream, not closed by this method
 * @throws IOException if serialization or the final newline write fails
 */
@Override
public void writeTo(Object value, Class<?> type, Type genericType, Annotation[] annotations,
        MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream outputStream)
        throws IOException {
    // Keep a browser from content-sniffing the JSON body and rendering it as HTML.
    httpHeaders.add(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff");

    // HTMLCharacterEscapes is defined elsewhere; presumably it escapes HTML-significant
    // characters in string values as a second layer behind nosniff. Confirm against that class.
    JsonFactory factory = objectMapper.getJsonFactory();
    factory.setCharacterEscapes(HTMLCharacterEscapes.INSTANCE);

    JsonGenerator generator = factory.createJsonGenerator(outputStream, JsonEncoding.UTF8);
    // The caller owns the stream, so the generator must not close it once mapping is done.
    generator.disable(JsonGenerator.Feature.AUTO_CLOSE_TARGET);
    if (isPrettyPrintRequested()) {
        generator.useDefaultPrettyPrinter();
    }

    // Only a truly generic declared type (any java.lang.reflect.Type other than a plain Class)
    // is used as the root type; forcing it otherwise would defeat polymorphic serialization
    // ([JACKSON-456]).
    JavaType declaredRoot = null;
    boolean trulyGeneric =
            genericType != null && value != null && genericType.getClass() != Class.class;
    if (trulyGeneric) {
        declaredRoot = objectMapper.getTypeFactory().constructType(genericType);
        // A type that degenerates to Object (e.g. a bare TypeVariable) carries no information
        // ([JACKSON-518]), so it is dropped.
        if (declaredRoot.getRawClass() == Object.class) {
            declaredRoot = null;
        }
    }

    // NOTE(review): getJsonpFunctionName() is not visible here. If the name is taken from the
    // request, it is emitted as the prefix of the response body and should be restricted to a
    // plain identifier pattern before use. Confirm in the helper.
    String callback = getJsonpFunctionName();
    if (callback != null) {
        value = new JSONPObject(callback, value, declaredRoot);
        declaredRoot = null;
    }

    ObjectWriter writer = (declaredRoot == null)
            ? objectMapper.writer()
            : objectMapper.writerWithType(declaredRoot);
    writer.writeValue(generator, value);

    // Trailing newline so the output looks tidy when fetched with curl.
    outputStream.write('\n');
}