Adding security headers in play framework configuration
Question
I am trying to add additional security headers in play framework configuration but my changes are not getting reflected. I read through the play documentation and it says the play.filters.headers only accept 5 pre-defined security headers.
# Security headers filter configuration
headers {
# The X-Frame-Options header. If null, the header is not set.
frameOptions = "DENY"
# The X-XSS-Protection header. If null, the header is not set.
xssProtection = "1; mode=block"
# The X-Content-Type-Options header. If null, the header is not set.
contentTypeOptions = "nosniff"
# The X-Permitted-Cross-Domain-Policies header. If null, the header is not set.
permittedCrossDomainPolicies = "master-only"
# The Content-Security-Policy header. If null, the header is not set.
contentSecurityPolicy = "default-src 'self'"
}
Any idea how to do if i need to add additional headers in the configuration apart from the above 5 mentioned.
Play version is 2.2.3
1 answers
solution1
0 2016-02-10 23:10:38
Play's security headers filter isn't available for Play 2.2.x. It was first introduced with Play 2.3
You probably were looking at the latest (2.4.x at the time of writing this) docs.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.