...
Note: There is a different Grouper feature to create a custom UI per group.
Adding security headers
Web security scans may recommend adding browser security headers to reduce the risk of hijacking vectors. These headers can be added via Apache, TomEE/Tomcat, or the web application itself. The following shows how to add them to the Grouper UI via web.xml customizations:
...
```xml
<filter>
  <filter-name>ContentSecurityPolicyFilter</filter-name>
  <filter-class>edu.internet2.middleware.grouper.ui.ContentSecurityPolicyFilter</filter-class>
  <!-- default value is already suitable for Grouper
  <init-param>
    <param-name>value</param-name>
    <param-value>frame-ancestors 'none'; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';</param-value>
  </init-param>
  -->
</filter>
<filter-mapping>
  <filter-name>ContentSecurityPolicyFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```
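One way to check what a deployed Grouper UI actually returns after this change, as an added example (not Grouper's own code): it parses a Content-Security-Policy value, confirms the framing restriction is explicit, and lists the relaxed sources a scanner is likely to flag. `SAMPLE_POLICY` is the value from the commented-out `init-param` above; the function names and the response-header mapping are assumptions.

```python
# Added example: audit a Content-Security-Policy response header.
# SAMPLE_POLICY is the value shown (commented out) in the web.xml snippet.
SAMPLE_POLICY = ("frame-ancestors 'none'; default-src 'self' 'unsafe-inline'; "
                 "script-src 'self' 'unsafe-inline' 'unsafe-eval';")

# Source expressions that weaken script/style injection protection.
RELAXED = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # trailing ';' or empty segment
        # Directive names are case-insensitive; a repeated directive is
        # ignored by browsers, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(headers):
    """Return a list of findings for a response-header mapping."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    value = lowered.get("content-security-policy")
    if value is None:
        return ["missing: Content-Security-Policy header not set"]
    policy = parse_csp(value)
    findings = []
    # frame-ancestors does not fall back to default-src, so it must be explicit.
    ancestors = policy.get("frame-ancestors")
    if ancestors is None:
        findings.append("missing: frame-ancestors (no framing restriction)")
    elif ancestors not in (["'none'"], ["'self'"]):
        findings.append("review: frame-ancestors allows " + " ".join(ancestors))
    for name, sources in policy.items():
        for src in sources:
            if src in RELAXED:
                findings.append(f"relaxed: {name} permits {src}")
    return findings
```

Feed `audit_csp` the headers captured from a request to the Grouper UI; an empty list means the policy is present, restricts framing, and carries no relaxed sources.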