How to add Security Header/ Missing security Header

How to add Security Header/ Missing security Header

Solution:

If they want to Implement the following security headers:

• Cross-Origin-Embedder-Policy

• Cross-Origin-Resource-Policy

• Cross-Origin-Opener-Policy

• Content-Security-Policy

• Permissions-Policy

please follow the solution below:

Under the <headers> section in aeengine\WEB-INF\spring\security\spring-security.xml file you can add these headers

<headers>

      ...

      ...

      <cross-origin-embedder-policy policy="require-corp" />

      <cross-origin-resource-policy policy="same-origin" />

      <cross-origin-opener-policy policy="same-origin" />

      <permissions-policy policy="geolocation=(self 'https://ae.com')" />

</headers>

The policy attribute value should be the value client wants to be set for that header.

After adding headers restart tomcat. You can cross-check it in developer tool.

  Links to better reach 

        AutomationEdge Training Portal  

        Bot Store

         EPD