Hi Andy,

These settings are for setting the HTTP response, and by default they are 
enabled. I was looking to strip the XSS script code from HTTP request params 
and headers. Here is what I did, and it seems to be working fine. I've created 
an XSSFilter and added it to the FilterChain using the code below. My 
implementation of the getParam, getParams and getHeader methods strips off the 
XSS injection code so that it does not get into application code.

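import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

@Configuration("WebFilterConfiguration")
public class XifinWebFilterConfiguration {

    // Registers XSSFilter for every URL and places it first in the filter
    // chain, so later filters and the application only see the wrapped request.
    @Bean
    public FilterRegistrationBean xssFilter() {
        FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
        filterRegBean.setFilter(new XSSFilter());
        filterRegBean.addUrlPatterns("/*");
        filterRegBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return filterRegBean;
    }
}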



Chava


On Wednesday, October 3, 2018 at 3:10:00 AM UTC-7, Andy Ng wrote:
>
> Hi Chava,
>
> See if these properties are what you are after?
>
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests
>
> Also, for what each property does, you can reference the source code here:
> https://github.com/apereo/cas/blob/5.2.x/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/web/security/HttpWebRequestProperties.java
>
> Cheers!
> - Andy

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/04d47047-c005-4f0b-a719-2d0f33b7fd74%40apereo.org.
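
The XSSFilter class registered in the message above is not shown in the thread. The following is an added sketch of how such a filter can be written with a request wrapper; it is not Chava's code or part of CAS. Assumptions: the javax.servlet API, the standard getParameter/getParameterValues/getHeader accessors, and a stripping rule (StrippingRequest and strip are hypothetical names) chosen only for illustration.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical XSSFilter: wraps each request so parameter and header reads return stripped values.
public class XSSFilter implements Filter {

    // Assumed rule: drop whole <script> blocks, then any other tag, then stray angle brackets.
    // It does not cover attribute or JavaScript contexts; output encoding in the views does that.
    private static final Pattern SCRIPT_BLOCK = Pattern.compile(
            "<script\\b[^>]*>.*?</script\\s*>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    private static final Pattern ANY_TAG = Pattern.compile("<[^>]*>");

    static String strip(String value) {
        if (value == null) return null;            // absent parameter/header stays absent
        String out = SCRIPT_BLOCK.matcher(value).replaceAll("");
        out = ANY_TAG.matcher(out).replaceAll("");
        // Unclosed tags such as "<img src=x" leave a bare '<' behind; remove it and NUL bytes.
        return out.replace("<", "").replace(">", "").replace("\0", "");
    }

    private static final class StrippingRequest extends HttpServletRequestWrapper {
        StrippingRequest(HttpServletRequest request) { super(request); }

        @Override public String getParameter(String name) { return strip(super.getParameter(name)); }

        @Override public String[] getParameterValues(String name) {
            String[] values = super.getParameterValues(name);
            if (values == null) return null;
            String[] out = new String[values.length];
            for (int i = 0; i < values.length; i++) out[i] = strip(values[i]);
            return out;
        }

        @Override public String getHeader(String name) { return strip(super.getHeader(name)); }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only HTTP requests carry headers; anything else passes through untouched.
        ServletRequest next = (req instanceof HttpServletRequest)
                ? new StrippingRequest((HttpServletRequest) req) : req;
        chain.doFilter(next, res);
    }

    @Override public void init(FilterConfig filterConfig) { }   // required before Servlet 4.0
    @Override public void destroy() { }
}
```

HttpServletRequestWrapper delegates every method that is not overridden, so getParameterMap(), getHeaders() and the request body still return the raw values in this sketch. Because the filter applies to "/*", the same rule also rewrites credential and service-URL parameters, so check that login values containing angle brackets still work.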
