This feature sets security headers for the Enterprise Server's Jetty server.

Headers:

Security headers are directives used by web applications to configure security defenses in web browsers. Based on these directives, browsers can make it harder to exploit client-side vulnerabilities such as Cross-site Scripting or Clickjacking.

HTTP headers are name/value pairs carried in the header section of Hypertext Transfer Protocol (HTTP) request and response messages. They are an integral part of HTTP requests and responses. In simpler terms, HTTP headers carry information about the data exchanged between a web server and a client.

Providing custom values for the default headers sets security headers on the server's HTTP responses and so strengthens their security.

Configure Default Headers in eStudio Profile Manager

To set secure headers in the HTTP response, perform the following actions in eStudio after stopping the enterprise server:

  1. Open FES profile in the Profile Management perspective.



  2. Go to FES > Fiorano > Esb > Jetty > Jetty and provide the following value in the DefaultHeaders property:

  3. Save the profile (CTRL+S) and start the FES server.

Test the response in Fiorano Dashboard

To confirm whether the settings are applied to the server configuration, perform the following actions in Fiorano Dashboard:

  1. Log in to the Fiorano ESB Dashboard (http://localhost:1980/FioranoESB).
  2. Perform an action (like starting an Extended Service sample under the Applications tab) that invokes a request.
  3. Open browser developer tools (CTRL+SHIFT+I) and refresh the page or click on any tab.
  4. In the Network tab of the browser developer tool, click on any Dashboard URL.

    The Response Headers values for the testHeader1 and testHeader2 attributes reflect the settings in the profile manager configuration.
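The same check can be scripted instead of read off the developer tools. The following is an added example, not Fiorano code: it parses a response head and reports every expected header that is missing, conflicting, or different. The header values, the `X-Frame-Options` entry, and the function names are assumptions made for illustration.

```python
import urllib.request

def parse_headers(raw_head: str) -> dict:
    """Parse the head of an HTTP response into {lowercased name: [values]}."""
    headers = {}
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                 # lines[0] is the status line
        if not line.strip():
            break                          # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_headers(headers: dict, expected: dict) -> dict:
    """Return {name: problem} for each expected header that is missing,
    sent more than once with conflicting values, or set to another value."""
    problems = {}
    for name, want in expected.items():
        got = headers.get(name.lower())    # header names are case-insensitive
        if not got:
            problems[name] = "missing"
        elif len(set(got)) > 1:
            problems[name] = f"conflicting values {got}"
        elif got[0] != want:
            problems[name] = f"expected {want!r}, got {got[0]!r}"
    return problems

def fetch_headers(url: str) -> dict:
    """Fetch a live URL and return its headers in the same shape."""
    out = {}
    with urllib.request.urlopen(url, timeout=5) as resp:
        for name, value in resp.headers.items():
            out.setdefault(name.lower(), []).append(value)
    return out

# Constructed sample response; the values are placeholders, not Fiorano defaults.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "testheader1: value1\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)
EXPECTED = {"testHeader1": "value1", "testHeader2": "value2",
            "X-Frame-Options": "DENY"}

if __name__ == "__main__":
    print(check_headers(parse_headers(SAMPLE), EXPECTED))
```

For a live check, pass `fetch_headers("http://localhost:1980/FioranoESB")` to `check_headers` with the names and values configured in the DefaultHeaders property.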
