Platform Explorer / Nuxeo Platform LTS 2019 10.10

Extension point responseHeaders


Define headers to apply to the HTTP response.

-header - name: name of the header. - enabled: flag to enable/disable a header (default value is true)

Example of a response header Registration:

    <header enabled="true" name="WWW-Authenticate">basic</header>

@since 6.0

Contribution Descriptors

Existing Contributions

Contributions are presented in the same order as the registration order on this extension point. This order is displayed before the contribution name, in brackets.

  • nuxeo-platform-web-common-10.10-HF27.jar /OSGI-INF/web-request-controller-contrib.xml
    <extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
        <header name="X-UA-Compatible">IE=10; IE=11</header>
        <header name="Cache-Control">no-cache</header>
        <header name="X-Content-Type-Options">nosniff</header>
        <header name="X-XSS-Protection">1; mode=block</header>
        <header name="X-Frame-Options">SAMEORIGIN</header>
        <header name="Referrer-Policy">strict-origin-when-cross-origin</header>
        <!-- this is a permissive Content-Security-Policy, which should be overridden for more security -->
        <header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>