on 08-03-2020 11:31 AM
We have deployed a custom Angular application to SAP Cloud Platform NeoEnvironment, using HTML5 applications deployment option. During a security review of the application, our security team raised a few issues regarding headers received in response. When a request is performed to the application, we can see following response headers(as in attachment):
We would like to add custom response headers, such as:
X-Frame-Options: deny
X-Content-Type-Options: nosniff
Are there any options available to add custom headers via server configuration?
Can you please try this :
Custom Response Headers
https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/Cloud/en-US/8f2fadbd0f1c4bea8d84473e8f2...
"responseHeaders": [
{
"headers": [
{
"name": "X-Frame-Options",
"value": "deny"
},
{
"name": "X-Content-Type-Options",
"value": "nosniff"
}
]
}
],
Try to add the above to the neo-app.jsonYou must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you.
I think in Neo you don't have an option to add this headers. If it's a new application you should not start with Neo but directly use Cloud Foundry. There you can set this headers using the approuter configuration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.