Source code

001package com.bluelotussoftware.tomcat.security.valves;
002
003import java.io.IOException;
004import javax.servlet.ServletException;
005import org.apache.catalina.Valve;
006import org.apache.catalina.connector.Request;
007import org.apache.catalina.connector.Response;
008import org.apache.catalina.valves.ValveBase;
009
010/**
011 * <p>
012 * This {@link Valve} is designed to add an {@literal Referrer-Policy: strict-origin-when-cross-origin} header to the
013 * {@link Response} object.</p>
014 * <p>
015 * This is configured in the {@literal context.xml}, or {@literal server.xml} file using the following syntax:</p>
016 * <pre>
017 * &lt;valve&gt;
018 *   &lt;class-name&gt;com.bluelotussoftware.tomcat.security.valves.ReferrerPolicyValve&lt;/class-name&gt;
019 * &lt;/valve&gt;
020 * </pre>
021 *
022 * @author Oliver Kohll
023 * @version 1.0.0
024 */
025public class ReferrerPolicyValve extends ValveBase {
026
027    /**
028     * {@inheritDoc}
029     * <p>
030     * Adds {@literal Referrer-Policy: strict-origin-when-cross-origin} header to the {@link Response} object.</p>
031     */
032    @Override
033    public void invoke(Request request, Response response) throws IOException, ServletException {
034        response.addHeader("Referrer-Policy", "strict-origin-when-cross-origin");
035        getNext().invoke(request, response);
036    }
037
038}