Hi Andy,
These settings are for setting the HTTP response, and by default they are
enabled. I was looking for a way to strip the XSS script code from HTTP
request params and headers. Here is what I did, and it seems to be working
fine. I've created an XSSFilter and added it to the FilterChain using the
code below. My implementation of the getParam, getParams, and getHeader
methods strips off the XSS injection code so that it does not get into
application code.
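
    import org.springframework.boot.web.servlet.FilterRegistrationBean;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.Ordered;

    @Configuration("WebFilterConfiguration")
    public class XifinWebFilterConfiguration {
        // Registers the custom XSSFilter for every URL, ahead of all other filters.
        @Bean
        public FilterRegistrationBean xssFilter() {
            FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
            filterRegBean.setFilter(new XSSFilter());
            filterRegBean.addUrlPatterns("/*");
            filterRegBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
            return filterRegBean;
        }
    }
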
Chava
On Wednesday, October 3, 2018 at 3:10:00 AM UTC-7, Andy Ng wrote:
>
> Hi Chava,
>
> See if these properties are what you are after?
>
> https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests
>
> Also, for what each property does, you can reference the source
> code here:
> https://github.com/apereo/cas/blob/5.2.x/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/web/security/HttpWebRequestProperties.java
>
> Cheers!
> - Andy
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/04d47047-c005-4f0b-a719-2d0f33b7fd74%40apereo.org.
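
A request-wrapping filter of the kind described in the message above, as an added example that is not the poster's implementation or CAS code. The class body, the `sanitize` policy and the `SanitizedRequest` name are assumptions, written against the `javax.servlet` API; stripping input this way supplements output encoding in the views and does not replace it.

```java
import java.io.IOException;
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class XSSFilter implements Filter {
    // Illustrative policy (assumption): drop control characters and the
    // characters needed to open a tag or break out of an HTML attribute.
    private static final Pattern UNSAFE = Pattern.compile("[\\p{Cntrl}<>\"'`]");

    static String sanitize(String value) {
        return value == null ? null : UNSAFE.matcher(value).replaceAll("");
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Downstream filters and controllers only ever see the wrapper.
        chain.doFilter(new SanitizedRequest((HttpServletRequest) req), res);
    }

    static class SanitizedRequest extends HttpServletRequestWrapper {
        SanitizedRequest(HttpServletRequest request) { super(request); }

        @Override public String getParameter(String n) { return sanitize(super.getParameter(n)); }
        @Override public String getHeader(String n) { return sanitize(super.getHeader(n)); }

        @Override public String[] getParameterValues(String name) {
            String[] v = super.getParameterValues(name);
            return v == null ? null : Arrays.stream(v).map(XSSFilter::sanitize).toArray(String[]::new);
        }
        // Callers that read the whole map would otherwise get the raw values.
        @Override public Map<String, String[]> getParameterMap() {
            Map<String, String[]> clean = new LinkedHashMap<>();
            for (String name : super.getParameterMap().keySet()) clean.put(name, getParameterValues(name));
            return Collections.unmodifiableMap(clean);
        }
        @Override public Enumeration<String> getHeaders(String name) {
            Enumeration<String> h = super.getHeaders(name);
            return h == null ? null : Collections.enumeration(
                Collections.list(h).stream().map(XSSFilter::sanitize).collect(Collectors.toList()));
        }
    }
}
```

The request body (`getInputStream`, `getReader`) and cookies are not covered by this wrapper, so JSON or multipart payloads reach the application unchanged.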