开发者

ehcache SimpleCachingHeadersPageCachingFilter adding X-XSS-Protection & X-Content-Type-Options

I have SimpleCachingHeadersPageCachingFilter configured in my web.xml and it works fine but h开发者_C百科ow would I go about adding some other stuff to the header like:

X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

I went to http://ehcache.org/documentation/user-guide/web-caching for more info but no luck.


Everything is in the code and in JavaDocs. For starters I would extend SimpleCachingHeadersPageCachingFilter and override buildPage():

public class CustomHeadersPageCachingFilter extends SimpleCachingHeadersPageCachingFilter {

    @Override
    protected PageInfo buildPage(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws AlreadyGzippedException, Exception {
        PageInfo pageInfo = super.buildPage(request, response, chain);
        headers.add(new Header<String>("X-Content-Type-Options", "nosniff"));
        headers.add(new Header<String>("X-XSS-Protection", "1; mode=block"));
        return pageInfo;
    }
}

However JavaDoc for the method we are overriding states that:

To control your own caching headers, use {@link SimplePageCachingFilter}.

SimplePageCachingFilter is a base class of SimpleCachingHeadersPageCachingFilter which are extending right now. However I think this comment suggests to use the former class if we want to use completely different headers. If we want to keep standard headers (added by the latter class via super.buildPage()) this approach seems valid.

Disclaimer: note that extending class's behavior by extending it and overriding some methods by first calling super version and adding some logic isn't the best OO technique.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜