How to add strict-transport-security header to a Grails Application

Time: 2016-04-21 22:24:42

Tags: grails hsts

I have Groovy code running on a Grails server. How do I configure it for HSTS? I looked through the Groovy specs and found nothing useful.

This is what I want to achieve

When I look at any HTTP response from the server, I must see a header such as the one below:

Strict-Transport-Security: max-age=31536000

Can you please suggest some pointers?

1 answer:

Answer 0: (score: 1)

I suggest implementing a custom servlet filter, as shown below:

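import java.io.IOException;
import javax.annotation.Priority;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

@Priority(Integer.MIN_VALUE)
public class HstsFilter extends OncePerRequestFilter {

    public HstsFilter() {
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // Set the header before the chain runs: once the response is committed, headers added afterwards are dropped.
        response.addHeader("Strict-Transport-Security", "max-age=31536000");
        filterChain.doFilter(request, response);
    }
}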

Then you need to register it in resources.groovy:

beans = {
    hstsFilter(HstsFilter)
}

This code was tested on Grails 3.1.4.
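To confirm that responses really carry a usable header, the following added example (not part of the question or the answer above) parses the `Strict-Transport-Security` value the way RFC 6797 tells browsers to and reports why a header would be ignored. The function names and the sample response are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directive = token [ "=" ( token | quoted-string ) ]
# Simplification (assumption): no ';' appears inside a quoted value.
_DIRECTIVE = re.compile(r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+)(?:\s*=\s*(.*))?$")

# Constructed sample: response head as the filter on this page would emit it.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=31536000\r\n\r\n")

def parse_hsts(value):
    """Return (policy, problems); policy is None if a browser would ignore the header."""
    seen, problems = {}, []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        m = _DIRECTIVE.match(part)
        if not m:
            return None, ["malformed directive: %r" % part]
        name, arg = m.group(1).lower(), m.group(2)  # names are case-insensitive
        if arg is not None and len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form, e.g. max-age="31536000"
        if name in seen:
            return None, ["duplicate directive: " + name]
        seen[name] = arg
    if not re.fullmatch(r"[0-9]+", seen.get("max-age") or ""):
        return None, ["max-age is required and must be a non-negative integer"]
    policy = {"max_age": int(seen["max-age"]),
              "include_subdomains": "includesubdomains" in seen}
    if policy["max_age"] == 0:
        problems.append("max-age=0 tells the browser to drop the HSTS entry")
    return policy, problems

def check_response(raw_head):
    """Locate the HSTS header in a raw response head and parse it."""
    values = [line.split(":", 1)[1].strip()
              for line in raw_head.split("\r\n")[1:]
              if line.lower().startswith("strict-transport-security:")]
    if not values:
        return None, ["Strict-Transport-Security header missing"]
    policy, problems = parse_hsts(values[0])  # RFC 6797 8.1: only the first field counts
    if len(values) > 1:
        problems = problems + ["header sent %d times" % len(values)]
    return policy, problems
```

Browsers only honor this header on responses received over HTTPS, so run the check against the head of an HTTPS response from the application.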