Helmet

Helmet secures your spring Webflux or MVC app by setting various HTTP headers.

This is a 1:1 copy of Helmet.js

Quick start

Add https://jitpack.to to your build tool maven repositories.

More info at reactive helmet jitpack io repository

Add com.github.uvera.helmet-spring-boot-starter to your dependencies.

Maven

<project>
    <repositories>
        <repository>
            <id>jitpack.ioid>
            <url>https://jitpack.iourl>
        repository>
    repositories>

    <dependecies>
        <dependency>
            <groupId>com.github.uvera.helmet-spring-boot-startergroupId>
            <artifactId>mvcartifactId>
            <version>VERSIONversion>
        dependency>
    dependecies>
project>

Gradle

dependencies {
    implementation("com.github.uvera.helmet-spring-boot-starter:webflux:VERSION")
}

Enable following configuration properties

spring-helmet:
  enable-cross-origin-embedder-policy: true
  enable-cross-origin-opener-policy: true
  enable-cross-origin-resource-policy: true
  enable-origin-agent-cluster: true
  enable-referrer-policy: true
  enable-strict-transport-security: true
  enable-do-not-sniff-mimetype: true
  enable-x-dns-prefetch-control: true
  enable-x-download-options: true
  enable-x-frame-options: true
  enable-x-permitted-cross-domain-policies: true
  remove-x-powered-by: true
  disable-x-xss-protection: true
  enable-content-security-policy: true

How it works

Helmet works by conditionally autowiring various WebFilter (in Webflux) or OncePerRequestFilter (in MVC) implementations to the filter chain.

You can tweak configuration by the following properties:

spring-helmet:
  cross-origin-resource-policy: cross_origin
  cross-origin-opener-policy: same_origin
  referrer-policy: [ no_referrer ]
  strict-transport-security-max-age: 15552000
  strict-transport-security-include-sub-domains: true
  strict-transport-security-preload: false
  x-dns-prefetch-control: OFF
  x-frame-options: same_origin
  x-permitted-cross-domain-policies: none
  content-security-policy:
    use-default: true
    report-only: false
    # key value pairs where key: String, value: List
   
    directives: { key: [ "value1", "value2" ] }

Kotlin HTTP requests library. Similar to Python requests.

khttp khttp is a simple library for HTTP requests in Kotlin. It functions similarly to Python's requests module. import khttp.get fun main(args: Arra

466 Dec 20, 2022

Kotlin DSL http client

Introduction Kotlin DSL http client Features 🔹 Developers Experience-driven library without verbosity. 🔹 Native way to use http client in Kotlin. 🔹

461 Dec 13, 2022

The easiest HTTP networking library for Kotlin/Android

Fuel The easiest HTTP networking library for Kotlin/Android. You are looking at the documentation for 2.x.y.. If you are looking for the documentation

4.3k Jan 8, 2023

Asynchronous socket, http(s) (client+server) and websocket library for android. Based on nio, not threads.

AndroidAsync AndroidAsync is a low level network protocol library. If you are looking for an easy to use, higher level, Android aware, http request li

7.3k Jan 2, 2023

Java HTTP Request Library

Http Request A simple convenience library for using a HttpURLConnection to make requests and access the response. This library is available under the

3.3k Jan 6, 2023

Unirest in Java: Simplified, lightweight HTTP client library.

Unirest for Java Install With Maven: !-- Pull in as a traditional dependency -- dependency groupIdcom.konghq/groupId artifactIdunire

2.4k Jan 5, 2023

super simple library to manage http requests.

HttpAgent super simple library to manage http requests. Gradle dependencies { implementation 'com.studioidan.httpagent:httpagent:1.0.16@aar' } No

32 Oct 24, 2021

An android asynchronous http client built on top of HttpURLConnection.

Versions 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 Version 1.0.6 Description An android asynchronous http client based on HttpURLConnection. Updates U