Helmet secures your Spring WebFlux or MVC app by setting various HTTP headers

Overview

Helmet

This is a 1:1 copy of Helmet.js.

Quick start

Add https://jitpack.io to your build tool's Maven repositories.

More info at reactive helmet jitpack io repository

Add com.github.uvera.helmet-spring-boot-starter to your dependencies.

Maven

<project>
    <repositories>
        <repository>
            <id>jitpack.io</id>
            <url>https://jitpack.io</url>
        </repository>
    </repositories>

    <dependencies>
        <dependency>
            <groupId>com.github.uvera.helmet-spring-boot-starter</groupId>
            <artifactId>mvc</artifactId>
            <version>VERSION</version>
        </dependency>
    </dependencies>
</project>

Gradle

dependencies {
    implementation("com.github.uvera.helmet-spring-boot-starter:webflux:VERSION")
}

Enable the following configuration properties:

spring-helmet:
  enable-cross-origin-embedder-policy: true
  enable-cross-origin-opener-policy: true
  enable-cross-origin-resource-policy: true
  enable-origin-agent-cluster: true
  enable-referrer-policy: true
  enable-strict-transport-security: true
  enable-do-not-sniff-mimetype: true
  enable-x-dns-prefetch-control: true
  enable-x-download-options: true
  enable-x-frame-options: true
  enable-x-permitted-cross-domain-policies: true
  remove-x-powered-by: true
  disable-x-xss-protection: true
  enable-content-security-policy: true

How it works

Helmet works by conditionally autowiring WebFilter (in WebFlux) or OncePerRequestFilter (in MVC) implementations into the filter chain.

You can tweak the configuration with the following properties:

spring-helmet:
  cross-origin-resource-policy: cross_origin
  cross-origin-opener-policy: same_origin
  referrer-policy: [ no_referrer ]
  strict-transport-security-max-age: 15552000
  strict-transport-security-include-sub-domains: true
  strict-transport-security-preload: false
  x-dns-prefetch-control: OFF
  x-frame-options: same_origin
  x-permitted-cross-domain-policies: none
  content-security-policy:
    use-default: true
    report-only: false
    # key-value pairs where key: String, value: List
    directives: { key: [ "value1", "value2" ] }
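
How the mechanism described above can look for one header in the MVC variant: this is an added example, not the starter's own source, which registers a OncePerRequestFilter only when enable-strict-transport-security is true and builds the header from the three strict-transport-security-* properties. The class name ExampleHstsFilter, the @Value bindings and the jakarta.servlet imports (Spring Boot 3; javax.servlet on Spring Boot 2) are assumptions.

```java
// Added illustration; not the starter's source. Assumes Spring Boot 3 (jakarta.*).
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Registered only when the enable flag is true; otherwise no bean, no header.
@Component
@ConditionalOnProperty(prefix = "spring-helmet",
        name = "enable-strict-transport-security", havingValue = "true")
public class ExampleHstsFilter extends OncePerRequestFilter {

    private final String headerValue;

    // Fallbacks are the values shown in the configuration listing above.
    public ExampleHstsFilter(
            @Value("${spring-helmet.strict-transport-security-max-age:15552000}") long maxAge,
            @Value("${spring-helmet.strict-transport-security-include-sub-domains:true}") boolean includeSubDomains,
            @Value("${spring-helmet.strict-transport-security-preload:false}") boolean preload) {
        this.headerValue = buildHeaderValue(maxAge, includeSubDomains, preload);
    }

    // Built once at startup; a bad max-age fails fast instead of emitting a broken header.
    static String buildHeaderValue(long maxAge, boolean includeSubDomains, boolean preload) {
        if (maxAge < 0) {
            throw new IllegalArgumentException("max-age must be non-negative: " + maxAge);
        }
        StringBuilder value = new StringBuilder("max-age=").append(maxAge);
        if (includeSubDomains) value.append("; includeSubDomains");
        if (preload) value.append("; preload");
        return value.toString();
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        // Set before delegating: once the response is committed, headers can no longer be added.
        response.setHeader("Strict-Transport-Security", headerValue);
        chain.doFilter(request, response);
    }
}
```

With the values listed above, this filter emits `Strict-Transport-Security: max-age=15552000; includeSubDomains`.
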
Releases(0.1.1)
Owner
Dušan