I've solved this by removing the completely and
doing a 301 redirect to https:// in nginx (which is in front of
Tomcat) instead:
https://nginx.org/en/docs/http/converting_rewrite_rules.html
Also added HTST header as suggested in this thread:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/17/18 11:49 AM, Mark Thomas wrote:
> On 17/08/18 14:57, Christopher Schultz wrote:
>> Mark,
>>
>> On 8/17/18 4:09 AM, Mark Thomas wrote:
>>> On 16/08/18 13:40, Martynas Jusevičius wrote:
Hi,
my initial observations
On 17/08/18 14:57, Christopher Schultz wrote:
> Mark,
>
> On 8/17/18 4:09 AM, Mark Thomas wrote:
>> On 16/08/18 13:40, Martynas Jusevičius wrote:
>>> Hi,
>>>
>>> my initial observations suggest, and SO post [1] seems to
>>> confirm, that when
>>>
>>>
>>> CONFIDENTIAL
>>>
>>>
>>> is specified
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/17/18 4:09 AM, Mark Thomas wrote:
> On 16/08/18 13:40, Martynas Jusevičius wrote:
>> Hi,
>>
>> my initial observations suggest, and SO post [1] seems to
>> confirm, that when
>>
>>
>> CONFIDENTIAL
>>
>>
>> is specified on a
On 16/08/18 13:40, Martynas Jusevičius wrote:
> Hi,
>
> my initial observations suggest, and SO post [1] seems to confirm, that when
>
>
> CONFIDENTIAL
>
>
> is specified on a security-constraint in web.xml, Tomcat does two things:
> 1. automatically redirects to
Hi Martynas,
On 16.08.2018 14:40, Martynas Jusevičius wrote:
Hi,
my initial observations suggest, and SO post [1] seems to confirm, that when
CONFIDENTIAL
is specified on a security-constraint in web.xml, Tomcat does two things:
1. automatically redirects to
Hi,
my initial observations suggest, and SO post [1] seems to confirm, that when
CONFIDENTIAL
is specified on a security-constraint in web.xml, Tomcat does two things:
1. automatically redirects to HTTPS
2. appends Cache-Control: private and Expires: Thu, 01 Jan
