@@ -364,6 +364,24 @@ OpenApiServer.builder()
364364 .build();
365365```
366366
367+ #### Built-in: browser security headers
368+
369+ ` Handlers.securityHeadersDecorator() ` adds two browser-hardening headers to every response —
370+ ` X-Content-Type-Options: nosniff ` and ` Cross-Origin-Resource-Policy: same-origin ` . Handler-supplied
371+ values for either header are preserved, so individual responses can opt out by setting the header
372+ explicitly.
373+
374+ ``` java
375+ OpenApiServer . builder()
376+ .spec(spec)
377+ .handlers(handlers)
378+ .responseDecorator(Handlers . securityHeadersDecorator())
379+ .build();
380+ ```
381+
382+ Decorators run on the dispatch path only — error responses produced by ` ExceptionFilter ` (e.g.
383+ the default 500) bypass them.
384+
367385### Request interceptors
368386
369387` Builder.interceptor(...) ` registers a ` RequestInterceptor ` that wraps every handler invocation.
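Review bot: The first sentence of the new section (new line 369) says the decorator adds the headers "to every response", but the closing paragraph (new lines 382-383) says error responses produced by `ExceptionFilter` bypass decorators, so the default 500 is sent without `X-Content-Type-Options: nosniff` or `Cross-Origin-Resource-Policy`. Reword the opening to something like "to every response produced by a handler" and move the bypass caveat directly under it, so a reader who stops at the code snippet does not assume error bodies are covered. The opt-out sentence (new lines 370-372) would also benefit from stating what a handler is expected to set, since "setting the header explicitly" does not say which value results in the header being relaxed or omitted.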