I have used below code in filter but it doesn't work make my http to https. I am not sure if I need to register it in resources.groovy because I am little new to groovy.

addHeader(uri: '/*') {
            before = {
                response.setHeader("Strict-Transport-Security",  "max-age=31536000;")
            }
        }

Similarly I need to implement X-Content-Type-Options as well and looking into it.

1

There are 1 answers

0
Pavel Savchyk On

You can use Channel security (part of spring security grails plugin) for this purpose. It will be much easier. https://grails-plugins.github.io/grails-spring-security-core/v2/guide/channelSecurity.html

If you need help with configuration, please specify grails version of your application.