Setting Security Headers like X-Content-Type

[samism91]

Setting Security Headers like X-Content-Type

I have set the headers in conf/web.xml in Tomcat 8.5.69 but it is not working so found out that we can do it with spring security as well.

Grails Version: 2.5.5 Spring Security Core Plugin: 2.0.0 Tomcat Version: 8.5.69

Can someone help?

[m4rc77]

@samism91 There must be some way to configure the security headers with grails-spring-security-plugin as it is possible with spring security directly (see: https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/headers.html) ....

but we could also not figure out how to do it ... therefore we just implemented a filter in grails that adds the security headers. Have a look at https://stackoverflow.com/questions/36781490/how-to-add-strict-transport-security-header-to-a-grails-application it's a complete example how to do it.