Skip to Content

How to add custom header to HTTP Response of SAP Neo HTML5 Application?

We have deployed a custom Angular application to SAP Cloud Platform NeoEnvironment, using HTML5 applications deployment option. During a security review of the application, our security team raised a few issues regarding headers received in response. When a request is performed to the application, we can see following response headers(as in attachment):

We would like to add custom response headers, such as:

X-Frame-Options: deny

X-Content-Type-Options: nosniff

Are there any options available to add custom headers via server configuration?

in5es.png (13.9 kB)
Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    Posted on Aug 03, 2020 at 06:35 PM

    Can you please try this :

    Custom Response Headers
    https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/8f2fadbd0f1c4bea8d84473e8f25e1d5.html

    "responseHeaders": [
            {
                "headers": [
                	{
    			"name": "X-Frame-Options",
    	                "value": "deny"
                	},
    { "name": "X-Content-Type-Options", "value": "nosniff" } ] } ],
    Try to add the above to the neo-app.json

    Regards,
    Bibhu
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 03, 2020 at 10:47 AM

    I think in Neo you don't have an option to add this headers. If it's a new application you should not start with Neo but directly use Cloud Foundry. There you can set this headers using the approuter configuration.

    Add a comment
    10|10000 characters needed characters exceeded