
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.sun.jersey.spi.container.ContainerRequest;
4   import com.sun.jersey.spi.container.ContainerResponse;
5   import com.sun.jersey.spi.container.ContainerResponseFilter;
6   
7   import javax.ws.rs.ext.Provider;
8   
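/**
 * Response filter that sets the {@code X-Content-Type-Options: nosniff} header on every
 * response it processes, to prevent certain browsers from performing MIME-type sniffing.
 *
 * <p>With sniffing disabled the browser relies on the declared {@code Content-Type}, so
 * resources still need to declare an accurate content type. This header complements,
 * and does not replace, correct output encoding of untrusted data.
 *
 * <p>The header is only applied to responses that pass through this filter; how the
 * filter is registered with the container is not shown in this class.
 *
 * <p>See http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 * for further information.
 *
 * @since 2.8.1
 */
@Provider
public class AntiSniffingResponseFilter implements ContainerResponseFilter {
    /** Name of the response header that controls browser MIME-type sniffing. */
    public static final String ANTI_SNIFFING_HEADER_NAME = "X-Content-Type-Options";

    /** Header value that tells the browser not to sniff the content type. */
    public static final String ANTI_SNIFFING_HEADER_VALUE = "nosniff";

    /**
     * Sets the anti-sniffing header on the outgoing response.
     *
     * @param request the request being answered; not inspected, so the header is applied
     *                regardless of path, method or content type
     * @param containerResponse the response whose headers are modified in place
     * @return the same {@code containerResponse} instance that was passed in
     */
    @Override
    public ContainerResponse filter(ContainerRequest request,
                                    ContainerResponse containerResponse) {
        // putSingle instead of add: if a resource or an earlier filter already set this
        // header, add() would append a second value and the response would carry a
        // duplicated header, which clients are not guaranteed to interpret as a plain
        // "nosniff". Replacing keeps exactly one value and makes the filter idempotent.
        containerResponse.getHttpHeaders().putSingle(
                ANTI_SNIFFING_HEADER_NAME, ANTI_SNIFFING_HEADER_VALUE);
        return containerResponse;
    }
}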