Am 02.06.2017 um 07:43 schrieb Shaik, Mohammad N.: > Hi Chris, > > My actual requirement was to implement 7 HTTP headers, out of > which 4 are implemented in "HttpHeaderSecurityFilter". The remaining 3 headers (Content-Security-Policy, Public-Key-Pins, X-Robots-Tag) are not addressed in any of the filters available in Tomcat 7, 8 & 9 versions. > > Is there any way that we implement these 3 headers in Tomcat? Sure. Look at the implementation for the 4 headers you found. Add three more, recompile. Alternatively, add another filter just for your 3 headers.
As you're creating a solution for you exclusively, you may even completely hard code the values and conditions you need. There's no need for configuration or making it "ready for prime time" as nobody else will use this code under different circumstances. Or write your own servlet filter for the webapps you deploy (no need to go app-server side when the webapps do what's required themselves). In those servlet filters, set those headers under conditions that you determine yourself. Or (again, sorry) utilize httpd's mod_headers. Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
