dropwizard-web-security
dropwizard-web-security copied to clipboard
palantir
A Dropwizard bundle for applying default web security functionality
###### _excavator_ is a bot for automating changes across repositories. Changes produced by the excavator/bulldozer-oss check. To enable or disable this check, please contact the maintainers of Excavator.
consider adding cache headers. an example of this (and rationale) can be found here: [Spring Security Cache Controls](https://spring.io/blog/2013/08/23/spring-security-3-2-0-rc1-highlights-security-headers/#cache-control). the goal would be to add these headers only if they haven't...
Changes produced by the latest-gradle-wrapper-oss check. To enable or disable this check, please contact the maintainers of Excavator.
I was trying to use this module to add Content-Security-Policy to an existing dropwizard app. We serve HTML from our Dropwizard Resources, so our html responses are served from within...
there are only tests for `JerseyAwareWebSecurityFilter`.
It's very unclear what the spec is for the allowedOrigins setting. Given some diggign in the code, I'm pretty sure it's what's here: http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/servlets/CrossOriginFilter.html. But it appears that if there's...
We should add a default endpoint to the bundle that accepts the CSP violation reports and logs them. The contentSecurityPolicy should be automatically configured with the report-uri. Looks like this...