extra security HTTP headers
Closed this issue · 0 comments
flinden68 commented
Logius audit shows the lack of security HTTP headers, like:
- frameOptions
- xssProtection
- cacheControl
- httpStrictTransportSecurity
- contentSecurityPolicy
- referrerPolicy
Spring Security has good default support for these headers.
Possible solution:
Load SecurityConfig properties at startup; when a property is null, just use the defaults (withDefaults()).
Best do this after implementation of #50, because Spring Security has a major upgrade of the structure with version 6.x, which is used by Spring Boot 3.x.
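A sketch of the proposed approach in the Spring Security 6.x lambda DSL, added here as an example and not taken from the project's code. The `SecurityHeaderProperties` record, its field names and the `app.security.headers` prefix are hypothetical; the customizer is meant to be passed to `http.headers(...)` in the application's existing `SecurityFilterChain`.

```java
// Added example: SecurityHeaderProperties and the "app.security.headers" prefix are hypothetical.
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;

// Every field is nullable: an unset property means "keep the Spring Security default".
@ConfigurationProperties(prefix = "app.security.headers")
record SecurityHeaderProperties(String contentSecurityPolicy,
                                ReferrerPolicy referrerPolicy,
                                Long hstsMaxAgeSeconds,
                                Boolean frameSameOrigin) {}

@Configuration
@EnableConfigurationProperties(SecurityHeaderProperties.class)
class SecurityHeadersConfig {

    // Apply in the existing filter chain with: http.headers(securityHeaders)
    @Bean
    Customizer<HeadersConfigurer<HttpSecurity>> securityHeaders(SecurityHeaderProperties p) {
        return h -> {
            // xssProtection and cacheControl: framework defaults, no property override.
            h.xssProtection(Customizer.withDefaults());
            h.cacheControl(Customizer.withDefaults());
            // frameOptions: default is DENY; relax to SAMEORIGIN only when explicitly set.
            h.frameOptions(f -> {
                if (Boolean.TRUE.equals(p.frameSameOrigin())) f.sameOrigin();
            });
            // httpStrictTransportSecurity: the header is only written on HTTPS responses.
            h.httpStrictTransportSecurity(s -> {
                if (p.hstsMaxAgeSeconds() != null) s.maxAgeInSeconds(p.hstsMaxAgeSeconds());
            });
            // contentSecurityPolicy and referrerPolicy: calling the configurer enables the
            // header; with a null property the writer's built-in value is used.
            h.contentSecurityPolicy(c -> {
                if (p.contentSecurityPolicy() != null) c.policyDirectives(p.contentSecurityPolicy());
            });
            h.referrerPolicy(r -> {
                if (p.referrerPolicy() != null) r.policy(p.referrerPolicy());
            });
        };
    }
}
```

After deployment, the response headers can be checked against the audit list with `curl -sI` over HTTPS, since `Strict-Transport-Security` is not sent on plain HTTP.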