Enable HSTS support for static pages in spring cloud gateway
I am using the spring cloud gateway to run my angular application. The API gateway also acts as an entry point to the underlying microservices.
I have one microservice which is built on spring-web and one interceptor enables HSTS in the response headers.
My angular application has some static files. When these files are requested, the response headers do not have HSTS enabled. Any network calls to the micro-services do have the HSTS in the response headers.
This is a call to a micro-service and the response headers have HSTS
Is there anything to be configured in the spring cloud gateway for static pages? Please help
Solution
I added the below filter and it works.
@Component
public class HstsFilter implements WebFilter {
private static final String PATH ="cms-service/webapi";
private static final Logger LOGGER = LoggerFactory.getLogger(HstsFilter.class);
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
LOGGER.debug("Received request for URL: {}", exchange.getRequest().getURI());
ServerHttpResponse response = exchange.getResponse();
LOGGER.debug("Before modification, response headers: {}", response.getHeaders());
if (!exchange.getRequest().getURI().getPath().contains(PATH) && !exchange.getRequest().getURI().getPath().contains("grafana")) {
response.getHeaders().add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
response.getHeaders().add("Cache-Control", "no-store"); // HTTP 1.1.
response.getHeaders().add("Pragma", "no-cache"); // HTTP 1.0.
response.getHeaders().add("Expires", "0"); // Proxies.
response.getHeaders().add("X-Frame-Options", "DENY");
}
LOGGER.debug("After modification, response headers: {}", response.getHeaders());
return chain.filter(exchange).then(Mono.fromRunnable(() -> {
LOGGER.debug("Response headers after processing: {}", exchange.getResponse().getHeaders());
LOGGER.debug("Response status code after processing: {}", exchange.getResponse().getStatusCode());
}));
}
- Lost traceId between Spring Boot services 2.x and 3.0 version
- Converting Lazy Loaded object to JSON in spring boot jpa
- How do I increase the default timeout in the Cassandra Java driver using the DriverConfigLoader?
- Spring Boot - Return an empty array of objects
- How to run Spring Boot server in background GH Actions?
- Search from database and display it in web page using spring boot + html
- How to load properties from application.properties with @ExtendWith(SpringExtension.class)
- Spring Boot Freemarker will not display html page
- Find/Remove in @DBref list items in MongoDB for Spring
- Spring Boot control target JAR file name
- Name for argument of type [java.lang.String] not specified, and parameter name information not available via reflection
- Cannot load configs from Config Server - No suitable HttpMessageConverter
- How to prevent Spring Boot/Hibernate from converting entity column names from PascalCase to snake_case?
- How to specify target architecture when using Spring Boot gradle task bootBuildImage
- Error executing DDL "create table in Spring Data JPA?
- not able to call upload file API using RestTemplate
- How to Add JVM Arguments in Azure Application Service?
- How to handle microservice Interaction when one of the microservice is down
- Lombok classes not generated
- LdapCtxFactory because module java.naming does not export com.sun.jndi.ldap to unnamed module
- Is it possible to use @Transactional and kotlin coroutines in spring boot?
- How to convert spring boot app with Okta to read okta groups
- How to add Header - Authorization for swagger 3, spring boot
- SpringBoot RestTemplate ignores spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS = false
- Spring Boot 1.5.1 caches JSP
- How does Spring Boot control Tomcat cache?
- How can I change the default location of log4j2.xml in Java Spring Boot?
- Spring Boot application is encountering a NullPointerException after running for a while
- Problem connecting springboot to mysql with docker-compose
- Map as parameter in RestAPI Post request