Skip to Content
author's profile photo Ketan P
1
Ketan P

How to add custom header to HTTP Response of SAP Neo HTML5 Application?

Posted on Aug 03, 2020 at 10:31 AM 257 Views Last edit Aug 03, 2020 at 10:33 AM 3 rev.

We have deployed a custom Angular application to SAP Cloud Platform NeoEnvironment, using HTML5 applications deployment option. During a security review of the application, our security team raised a few issues regarding headers received in response. When a request is performed to the application, we can see following response headers(as in attachment):

We would like to add custom response headers, such as:

X-Frame-Options: deny

X-Content-Type-Options: nosniff

Are there any options available to add custom headers via server configuration?

in5es.png (13.9 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Bibhu Prasad Behera
    Bibhu Prasad Behera
    Posted on Aug 03, 2020 at 06:35 PM
    2

    Can you please try this :

    Custom Response Headers
    https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/8f2fadbd0f1c4bea8d84473e8f25e1d5.html

    "responseHeaders": [
        {
            "headers": [
            	{
			"name": "X-Frame-Options",
	                "value": "deny"
            	},
                    {
			"name": "X-Content-Type-Options",
	                "value": "nosniff"
            	}
            ]
        }
    ],
    Try to add the above to the neo-app.json

    Regards,
    Bibhu
    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Gregor Wolf
    Gregor Wolf
    Posted on Aug 03, 2020 at 10:47 AM
    0

    I think in Neo you don't have an option to add this headers. If it's a new application you should not start with Neo but directly use Cloud Foundry. There you can set this headers using the approuter configuration.

    Add a comment
    10|10000 characters needed characters exceeded