From eaf386f1d289c0b324f5cd7258c4cf8db0c89226 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen
Date: Tue, 4 Apr 2017 09:56:48 +0200
Subject: [PATCH] KEYCLOAK-4693 Improve blocking search indexing
---
 .../migration/MigrationModelManager.java | 14 ++---
 .../migration/migrators/MigrateTo3_1_0.java | 54 +++++++++++++++++++
 .../models/BrowserSecurityHeaders.java | 2 +
 .../messages/admin-messages_en.properties | 2 +
 .../resources/partials/defense-headers.html | 9 +++-
 5 files changed, 74 insertions(+), 7 deletions(-)
 create mode 100644 server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_1_0.java
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
index 83cdd84e5e..1a36d7a853 100755
--- a/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
+++ b/server-spi-private/src/main/java/org/keycloak/migration/MigrationModelManager.java
@@ -33,6 +33,7 @@ import org.keycloak.migration.migrators.MigrateTo2_2_0;
 import org.keycloak.migration.migrators.MigrateTo2_3_0;
 import org.keycloak.migration.migrators.MigrateTo2_5_0;
 import org.keycloak.migration.migrators.MigrateTo3_0_0;
+import org.keycloak.migration.migrators.MigrateTo3_1_0;
 import org.keycloak.migration.migrators.Migration;
 import org.keycloak.models.KeycloakSession;
@@ -52,13 +53,14 @@ public class MigrationModelManager {
 new MigrateTo1_7_0(),
 new MigrateTo1_8_0(),
 new MigrateTo1_9_0(),
- new MigrateTo1_9_2(),
- new MigrateTo2_0_0(),
- new MigrateTo2_1_0(),
- new MigrateTo2_2_0(),
- new MigrateTo2_3_0(),
+ new MigrateTo1_9_2(),
+ new MigrateTo2_0_0(),
+ new MigrateTo2_1_0(),
+ new MigrateTo2_2_0(),
+ new MigrateTo2_3_0(),
 new MigrateTo2_5_0(),
- new MigrateTo3_0_0()
+ new MigrateTo3_0_0(),
+ new MigrateTo3_1_0()
 };
 public static void migrate(KeycloakSession session) {
diff --git a/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_1_0.java b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_1_0.java
new file mode 100644
index 0000000000..22da4f8e06
--- /dev/null
+++ b/server-spi-private/src/main/java/org/keycloak/migration/migrators/MigrateTo3_1_0.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.migration.migrators;
+
+
+import org.keycloak.migration.ModelVersion;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Bill Burke
+ */
+public class MigrateTo3_1_0 implements Migration {
+
+ public static final ModelVersion VERSION = new ModelVersion("3.1.0");
+
+ @Override
+ public void migrate(KeycloakSession session) {
+ for (RealmModel realm : session.realms().getRealms()) {
+ if (realm.getBrowserSecurityHeaders() != null) {
+
+ Map browserSecurityHeaders = new HashMap<>(realm.getBrowserSecurityHeaders());
+ browserSecurityHeaders.put("xRobotsTag", "none");
+
+ realm.setBrowserSecurityHeaders(Collections.unmodifiableMap(browserSecurityHeaders));
+ }
+ }
+ }
+
+ @Override
+ public ModelVersion getVersion() {
+ return VERSION;
+ }
+
+}
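Review bot: The `if (realm.getBrowserSecurityHeaders() != null)` guard in `migrate` silently skips any realm whose stored header map is null, so whether such a realm ends up sending X-Robots-Tag depends on fallback code that is not visible in this patch. I would either document that next to the guard, e.g. `// Realms with no stored header map are left untouched; presumably they fall back to BrowserSecurityHeaders.defaultHeaders (confirm)`, or seed those realms from the defaults. Inside the guard, `browserSecurityHeaders.putIfAbsent("xRobotsTag", "none");` would avoid overwriting a value that is already present if the migration is ever run against a realm that has one. A class-level Javadoc sentence stating that `none` asks crawlers neither to index nor to follow links, and that the header is advisory to crawlers rather than an access control, would help the next maintainer.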
diff --git a/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java b/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java
index 10560271b0..f384f7b885 100755
--- a/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java
+++ b/server-spi-private/src/main/java/org/keycloak/models/BrowserSecurityHeaders.java
@@ -34,11 +34,13 @@ public class BrowserSecurityHeaders {
 headerMap.put("xFrameOptions", "X-Frame-Options");
 headerMap.put("contentSecurityPolicy", "Content-Security-Policy");
 headerMap.put("xContentTypeOptions", "X-Content-Type-Options");
+ headerMap.put("xRobotsTag", "X-Robots-Tag");
 Map dh = new HashMap<>();
 dh.put("xFrameOptions", "SAMEORIGIN");
 dh.put("contentSecurityPolicy", "frame-src 'self'");
 dh.put("xContentTypeOptions", "nosniff");
+ dh.put("xRobotsTag", "none");
 defaultHeaders = Collections.unmodifiableMap(dh);
 headerAttributeMap = Collections.unmodifiableMap(headerMap);
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
index 97b2808d7e..ce986d10bb 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
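Review bot: The attribute key `"xRobotsTag"` is a bare string literal in both added lines here (`headerMap.put` and `dh.put`) and again in `MigrateTo3_1_0.migrate`, so a typo in any one of them would silently drop either the header mapping or the default value. This follows the existing pattern for the other keys, but a shared constant such as `public static final String X_ROBOTS_TAG_KEY = "xRobotsTag";` (the name is only a suggestion), used in all three places, would keep the migration and the defaults in step. A short comment beside `dh.put("xRobotsTag", "none");` noting that `none` is equivalent to `noindex, nofollow` would also make the default self-explanatory. The block these lines belong to starts and ends outside the hunk.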
@@ -111,6 +111,8 @@ content-sec-policy=Content-Security-Policy
 content-sec-policy-tooltip=Default value prevents pages from being included via non-origin iframes (click label for more information)
 content-type-options=X-Content-Type-Options
 content-type-options-tooltip=Default value prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type (click label for more information)
+robots-tag=X-Robots-Tag
+robots-tag-tooltip=Prevent pages from appearing in search engines (click label for more information)
 max-login-failures=Max Login Failures
 max-login-failures.tooltip=How many failures before wait is triggered.
 wait-increment=Wait Increment
diff --git a/themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html b/themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
index 1dc08a1663..75e5ba01bb 100755
--- a/themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
+++ b/themes/src/main/resources/theme/base/admin/resources/partials/defense-headers.html
@@ -23,12 +23,19 @@ {{:: 'content-sec-policy-tooltip' | translate}}
- +
{{:: 'content-type-options-tooltip' | translate}}
+
+ +
+ +
+ {{:: 'robots-tag-tooltip' | translate}} +