Configuring Web Browser Security Header Properties
You can enable or disable the available web browser security header properties in the http-resp-headers.properties file. Limit the use of the properties, property attributes, and attribute values to those mentioned here. If you introduce additional properties, attributes, or attribute values, OneData ignores them at runtime.
To configure properties in the http-resp-headers.properties file
1. Navigate to the directory Software AG_directory\profiles\ode\workspace\webapps\onedata\WEB-INF\config\security\headers.
2. Open the http-resp-headers.properties file.
3. Set the appropriate value for the following web browser security header properties:

enable-Referrer-Policy. The default value is false. Change this property to true to ensure that the Referrer-Policy header with the value same-origin is added to responses sent to the browser. A referrer is sent for same-origin requests, but cross-origin requests will not contain referrer information.

enable-Strict-Transport-Security. The default value is false, with Strict-Transport-Security-value=max-age=3600; includeSubDomains. Change this property to true to enforce the use of HTTPS on the network domain, and update the max-age attribute to the required value.

Important:
If you choose to enable this property, all applications hosted on the network domain will be forced to use only HTTPS.

enable-X-FRAME-OPTIONS. This property controls the X-FRAME-OPTIONS header. The default value is true. This value adds the X-FRAME-OPTIONS header to responses sent to the browser, preventing clickjacking attacks through the browser.
4. Save and close the file.
5. Restart the OneData server.
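As an added example (not Software AG's code), the following Python script parses a constructed http-resp-headers.properties and derives the response headers the settings above should produce, so the result can be compared with what the restarted server actually returns. It assumes standard Java .properties syntax, and because this page does not state the value OneData uses for the X-FRAME-OPTIONS header, it only checks that header's presence.

```python
# Added example, not Software AG code. Assumes Java .properties syntax (key=value,
# '#'/'!' comments); derives the headers OneData should add and checks a response.
KNOWN_KEYS = {"enable-Referrer-Policy", "enable-Strict-Transport-Security",
              "Strict-Transport-Security-value", "enable-X-FRAME-OPTIONS"}

SAMPLE = """# http-resp-headers.properties (constructed sample, HSTS + Referrer-Policy on)
enable-Referrer-Policy=true
enable-Strict-Transport-Security=true
Strict-Transport-Security-value=max-age=31536000; includeSubDomains
enable-X-FRAME-OPTIONS=true
enable-Content-Security-Policy=true
"""

def parse_properties(text):
    """Return (props, unknown_keys); split on the FIRST '=' since the HSTS value has '='."""
    props, unknown = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue                       # blank, comment, or malformed line
        key, _, value = (s.strip() for s in line.partition("="))
        props[key] = value
        if key not in KNOWN_KEYS:
            unknown.append(key)            # OneData ignores these at runtime
    return props, unknown

def expected_headers(props):
    """Headers the documentation says each enable-* flag adds (None = presence only)."""
    on = lambda key, default: props.get(key, default).strip().lower() == "true"
    headers = {}
    if on("enable-Referrer-Policy", "false"):
        headers["Referrer-Policy"] = "same-origin"
    if on("enable-Strict-Transport-Security", "false"):
        headers["Strict-Transport-Security"] = props.get(
            "Strict-Transport-Security-value", "max-age=3600; includeSubDomains")
    if on("enable-X-FRAME-OPTIONS", "true"):
        headers["X-Frame-Options"] = None  # value not stated on the page, check presence
    return headers

def check_response(expected, observed):
    """Compare against observed response headers (names are case-insensitive)."""
    seen = {k.lower(): v.strip() for k, v in observed.items()}
    problems = []
    for name, want in expected.items():
        got = seen.get(name.lower())
        if got is None:
            problems.append(f"missing {name}")
        elif want is not None and got != want:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    return problems
```

Feed check_response the header map from a real response to the OneData web application after the restart; an empty list means every enabled header arrived with the configured value.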