Difficult to know what your exact requirements are. For samples of CSP headers, you can look here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
I don't have any specific experience with CSP, but to add custom headers, you will need to use a filter. I thought the http header security filter might do it, but it looks like it doesn't. You should still consider it: https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html. Other than that, you will probably need to write a custom filter, which is what I have always ended up doing for odd header requirements. Mark . On Wed, 19 Sep 2018, 18:12 Tezarin, <[email protected]> wrote: > Hi, > I need to implement an Content Security Policy (CSP) for the guacamole web > application. This is done via http headers added to the response from the > tomcat server running guacamole. So here are the questions I would ask > myself: > 1. How do I add HTTP headers to a tomcat server or guacamole > configuration? If I cannot do it easily, how do I add them to an nginx > config for a proxied application?2. What is the format of the CSP header?3. > What is a good CSP policy to implement to cover what we need? > I was just wondering how if anyone has done this before. Any help would be > much appreciated. I am using Guacamole inside docker containers. > Thanks >
