Improved security settings

rmraya · rmraya · commit 3e51223ae186 · 2023-11-15T11:08:10.000-03:00
diff --git a/src/com/maxprograms/remotetm/Constants.java b/src/com/maxprograms/remotetm/Constants.java
@@ -19,7 +19,7 @@ private Constants() {
     }
 
     public static final String VERSION = "5.7.0";
-    public static final String BUILD = "20231028_1759";
+    public static final String BUILD = "20231115_1100";
 
     public static final String STATUS = "status";
     public static final String OK = "OK";
diff --git a/src/com/maxprograms/remotetm/utils/SecurityFilter.java b/src/com/maxprograms/remotetm/utils/SecurityFilter.java
@@ -38,8 +38,11 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 		res.addHeader("Cache-Control", "no-cache");
 		res.addHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
 		res.addHeader("X-Permitted-Cross-Domain-Policies", "master-only");
-		res.addHeader("Content-Security-Policy", "default-src https: 'self' 'unsafe-inline'");
+		res.addHeader("Content-Security-Policy", "report-uri https://dev.maxprograms.com");
 		res.addHeader("Referrer-Policy", "no-referrer-when-downgrade");
+		res.addHeader("X-Frame-Options", "SAMEORIGIN");
+		res.addHeader("X-XSS-Protection", "1; mode=block");
+		res.addHeader("Permissions-Policy", "geolocation=(), camera=(), microphone=()");
 		res.setCharacterEncoding(StandardCharsets.UTF_8.name());
 		try {
 			chain.doFilter(request, response);

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ private Constants() {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`public static final String VERSION = "5.7.0";`
`22`		`- public static final String BUILD = "20231028_1759";`
	`22`	`+ public static final String BUILD = "20231115_1100";`
`23`	`23`
`24`	`24`	`public static final String STATUS = "status";`
`25`	`25`	`public static final String OK = "OK";`