Hi Prabath, I'm going to add this into kernel. There are several parameters for the filter we can enable. Do you have anything needs to be enabled specifically? or just have the filter in place ?. https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#HTTP_Header_Security_Filter
thanks, On Thu, Aug 6, 2015 at 7:16 PM, Supun Malinga <[email protected]> wrote: > Hi Kishanthan, > > On Thu, Aug 6, 2015 at 5:47 PM, Kishanthan Thangarajah < > [email protected]> wrote: > >> Ok. Targeting for next kernel release. For already released products, >> they can enable this by editing the global web.xml. >> >> @SupunM, can we include this for next AS release? >> > > Since this is in kernel we cannot include this fix unless we do another > kernel release (i.e: 4.4.2) before AS 5.3.0. Other option would be to > duplicate the web.xml from carbon-deployment and add the changes there. If > this is important we can easily do this from second approach. > > >> >> On Thu, Aug 6, 2015 at 5:35 PM, Prabath Siriwardena <[email protected]> >> wrote: >> >>> Yes.. please engage it by default.. >>> >>> Thanks & regards, >>> -Prabath >>> >>> On Thu, Aug 6, 2015 at 5:28 PM, Kishanthan Thangarajah < >>> [email protected]> wrote: >>> >>>> Created a jira for this : https://wso2.org/jira/browse/CARBON-15354 >>>> >>>> On Thu, Aug 6, 2015 at 5:22 PM, Kishanthan Thangarajah < >>>> [email protected]> wrote: >>>> >>>>> We can do this via the global web.xml at >>>>> $CARBON_HOME/repository/conf/tomcat/web.xml. >>>>> Then it will be available for all the webapps (including mgt console). >>>>> Should this be added as a default filter? >>>>> >>>>> Refer : >>>>> https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#HTTP_Header_Security_Filter >>>>> >>>>> On Thu, Aug 6, 2015 at 3:48 PM, Prabath Siriwardena <[email protected]> >>>>> wrote: >>>>> >>>>>> Can we please do the $subject ? >>>>>> >>>>>> >>>>>> Thanks & Regards, >>>>>> Prabath >>>>>> >>>>>> Twitter : @prabath >>>>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>>>>> >>>>>> Mobile : +1 650 625 7950 >>>>>> >>>>>> http://blog.facilelogin.com >>>>>> http://blog.api-security.org >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Kishanthan Thangarajah* >>>>> Associate Technical Lead, >>>>> Platform Technologies Team, >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - +94773426635 >>>>> Blog - *http://kishanthan.wordpress.com >>>>> <http://kishanthan.wordpress.com>* >>>>> Twitter - *http://twitter.com/kishanthan >>>>> <http://twitter.com/kishanthan>* >>>>> >>>> >>>> >>>> >>>> -- >>>> *Kishanthan Thangarajah* >>>> Associate Technical Lead, >>>> Platform Technologies Team, >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - +94773426635 >>>> Blog - *http://kishanthan.wordpress.com >>>> <http://kishanthan.wordpress.com>* >>>> Twitter - *http://twitter.com/kishanthan >>>> <http://twitter.com/kishanthan>* >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> Prabath >>> >>> Twitter : @prabath >>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >>> >>> Mobile : +1 650 625 7950 >>> >>> http://blog.facilelogin.com >>> http://blog.api-security.org >>> >> >> >> >> -- >> *Kishanthan Thangarajah* >> Associate Technical Lead, >> Platform Technologies Team, >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - +94773426635 >> Blog - *http://kishanthan.wordpress.com >> <http://kishanthan.wordpress.com>* >> Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>* >> > > > > -- > Supun Malinga, > > Senior Software Engineer, > WSO2 Inc. > http://wso2.com > email: [email protected] <[email protected]> > mobile: +94 (0)71 56 91 321 > -- Supun Malinga, Senior Software Engineer, WSO2 Inc. http://wso2.com email: [email protected] <[email protected]> mobile: +94 (0)71 56 91 321
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
