
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.sun.jersey.spi.container.ContainerRequest;
4   import com.sun.jersey.spi.container.ContainerResponse;
5   import com.sun.jersey.spi.container.ContainerResponseFilter;
6   
7   import javax.ws.rs.ext.Provider;
8   
9   /**
10   * This class adds a 'X-Content-Type-Options' header to responses to
11   * prevent certain browsers from performing mime-type sniffing.
12   *
13   * See http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
14   * for further information.
15   *
16   * @since 2.8.1
17   */
18  
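@Provider
public class AntiSniffingResponseFilter implements ContainerResponseFilter
{
    /** Name of the response header that asks browsers to honour the declared Content-Type. */
    public static final String ANTI_SNIFFING_HEADER_NAME = "X-Content-Type-Options";

    /** The value this filter sends for {@link #ANTI_SNIFFING_HEADER_NAME}. */
    public static final String ANTI_SNIFFING_HEADER_VALUE = "nosniff";

    /**
     * Sets the anti-sniffing header on the outgoing response.
     *
     * <p>The header only tells the browser to trust the declared type. This filter does not
     * set or check the response's {@code Content-Type}, so resources must still declare an
     * accurate one for the protection to mean anything.
     *
     * @param request the request being answered; not read by this filter
     * @param containerResponse the response whose headers are modified in place
     * @return the same {@code containerResponse} instance that was passed in
     */
    @Override
    public ContainerResponse filter(ContainerRequest request,
                                    ContainerResponse containerResponse)
    {
        // putSingle() replaces whatever is already stored under the header name, whereas add()
        // appends. If a resource or an earlier filter has already set the header, appending
        // would emit a repeated or conflicting value and leave its interpretation to the
        // client. Replacing guarantees exactly one "nosniff" is sent.
        containerResponse.getHttpHeaders().putSingle(
            ANTI_SNIFFING_HEADER_NAME, ANTI_SNIFFING_HEADER_VALUE);
        return containerResponse;
    }
}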