What's this filter mapping you speak of? -----Original Message----- From: Mark Thomas [mailto:[email protected]] Sent: Monday, November 14, 2016 4:16 PM To: Tomcat Users List <[email protected]> Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly
On 14/11/2016 21:11, Dustin Delage wrote: > Trying to enable some header filters in web.xml and NOT having any > luck. I pretty much had to guess how to do this and my config looks like > this: > > <filter> > <filter-name>httpHeaderSecurity</filter-name> > > <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</fi > lter > -class> > <init-param> > > <param-name>blockContentTypeSniffingEnabled</param-name> > <param-value>true</param-value> > </init-param> Not necessary - that is the default. > <init-param> > > <param-name>antiClickJackingEnabled</param-name> > <param-value>true</param-value> > </init-param> Not necessary - that is the default. > <init-param> > > <param-name>antiClickJackingOption</param-name> > <param-value>SAMEORIGIN</param-value> > </init-param> This one you will need. > <init-param> > > <param-name>xssProtectionEnabled</param-name> > <param-value>true</param-value> > </init-param> > <async-supported>true</async-supported> Not necessary - that is the default. > </filter> And the filter mapping? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
