dev-eloper

Reputation: 110

Configuring Content-Security-Policy header for grails 2.5 application

I was going through different solutions available for preventing clickjacking in a grails application. One of the solutions was using X-Frame. So, I found a grails plugin, X-Frame-Options Plugin, by mrhaki.

It is serving my purpose of adding a response header

X-Frame:DENY

to every response. Great!

I read that there was a more modern solution: the Content-Security-Policy header. I'm unable to configure this for my Grails application. Could someone help?

Upvotes: 0

Views: 1470

Answers (1)

erichelgeson

Reputation: 2340

The X-Frame-Options plugin is simple and inserts a servlet filter to add a header to requests. For your situation I'd recommend creating your own servlet filter to add the Content-Security-Policy headers.

You can see an example here of how to add a header: https://github.com/mrhaki/grails-x-frame-options-plugin/blob/df230a9f01cd2e1c6ac4be6d9eac41fbcae48293/src/main/groovy/com/mrhaki/grails/plugin/xframeoptions/web/XFrameOptionsFilter.groovy#L69

Another option would be to use your web server in front of your app (Apache httpd or nginx) to add the headers.

Upvotes: 2
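As an added example (not the plugin's code and not part of the original answer), here is the kind of servlet filter the answer suggests, written for a Grails 2.5 app. The package name com.example.security, the class name ContentSecurityPolicyFilter, the init parameter reportOnly and the sample policy are all assumptions; adjust the directives to whatever your pages actually load. The web.xml fragment in the trailing comment registers the filter the Grails 2.x way (run grails install-templates, then edit src/templates/war/web.xml).

```groovy
// src/groovy/com/example/security/ContentSecurityPolicyFilter.groovy
// Example code, not the X-Frame-Options plugin's own. Package and names are assumed.
package com.example.security

import javax.servlet.Filter
import javax.servlet.FilterChain
import javax.servlet.FilterConfig
import javax.servlet.ServletException
import javax.servlet.ServletRequest
import javax.servlet.ServletResponse
import javax.servlet.http.HttpServletResponse

/**
 * Adds a Content-Security-Policy header to every response. frame-ancestors 'none'
 * is the CSP equivalent of X-Frame-Options: DENY, but X-Frame-Options is still
 * sent for browsers that predate CSP Level 2.
 */
class ContentSecurityPolicyFilter implements Filter {

    // Directives listed one per line so a reviewer can see what each allows.
    // 'self' forbids inline <script> and <style>, so inline code in GSPs will be blocked.
    static final String POLICY = [
        "default-src 'self'",
        "script-src 'self'",
        "style-src 'self'",
        "img-src 'self' data:",
        "object-src 'none'",
        "frame-ancestors 'none'",
        "base-uri 'self'",
        "form-action 'self'"
    ].join('; ')

    // When true, violations are only reported to the browser console and nothing
    // is blocked. Drive this from web.xml (init-param "reportOnly", assumed name).
    boolean reportOnly = false

    void init(FilterConfig filterConfig) throws ServletException {
        reportOnly = Boolean.parseBoolean(filterConfig.getInitParameter('reportOnly') ?: 'false')
    }

    void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response
            String headerName = reportOnly ? 'Content-Security-Policy-Report-Only'
                                           : 'Content-Security-Policy'
            // Headers must be set before the response is committed, i.e. before
            // the rest of the chain (controller, GSP rendering) writes the body.
            http.setHeader(headerName, POLICY)
            http.setHeader('X-Frame-Options', 'DENY')
        }
        chain.doFilter(request, response)
    }

    void destroy() { }
}

/*
 Registration for Grails 2.x: run `grails install-templates`, then add to
 src/templates/war/web.xml (names below are the assumed ones from this example):

   <filter>
     <filter-name>contentSecurityPolicyFilter</filter-name>
     <filter-class>com.example.security.ContentSecurityPolicyFilter</filter-class>
     <init-param>
       <param-name>reportOnly</param-name>
       <param-value>true</param-value>
     </init-param>
   </filter>
   <filter-mapping>
     <filter-name>contentSecurityPolicyFilter</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>
*/
```

Roll it out with reportOnly set to true first and watch the browser console on the app's pages: a policy this strict will flag any inline scripts or styles emitted by GSPs and any third-party CDN resources, and each of those needs either an explicit source in the relevant directive or moving into a static file before the header is switched to enforcing mode. Check with `curl -I` against a running instance that both headers appear on every response, including error pages and static resources.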
