Hello,

Thanks for replying...

My current Tomcat version is 8.5.x, hosted on a Windows 2012 R2 server, with
no other web server in front of it.

The CSP value shared with me is: "default-src 'self' 'unsafe-eval'
'unsafe-inline' *.mycompany.com; script-src 'self' 'unsafe-inline'
'unsafe-eval'; img-src 'self' *.mycompany.com data:; connect-src 'self'
*.mycompany.com"

I am new to Tomcat setup and was able to add a header filter for other headers,
but didn't find much help for the CSP ones.




On Fri, Oct 4, 2019 at 3:08 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Nitin,
>
> On 10/3/19 09:54, Nitin Kadam wrote:
> > Hello All,
> >
> > Internal security team recommended to set *Content security policy*
> > header for Web server as same is not compliant with security
> > standard. Can you please help me setting CSP filters for my Tomcat
> > application hosted on windows server.
>
> Do you know the value you want to use for your CSP header?
>
> Enabling the header can be done in a number of ways, including using
> http://tomcat.apache.org/tomcat-9.0-doc/rewrite.html
>
> -chris

-- 
Regards
Nitin Kadam
(9967688959)
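
An added example, not part of the original thread and not Tomcat's own code: a servlet filter for Tomcat 8.5 (javax.servlet API) that sets the policy quoted in the message above on every response, with an optional report-only mode. The package, class name, and the `policy` and `reportOnly` init-parameter names are assumptions made for this example.

```java
// Added example; package, class and init-param names are assumptions.
// Register in the web application's WEB-INF/web.xml:
//   <filter><filter-name>csp</filter-name>
//     <filter-class>com.example.security.CspHeaderFilter</filter-class></filter>
//   <filter-mapping><filter-name>csp</filter-name>
//     <url-pattern>/*</url-pattern></filter-mapping>
package com.example.security;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class CspHeaderFilter implements Filter {
    // Policy string taken from the message above.
    private static final String DEFAULT_POLICY =
        "default-src 'self' 'unsafe-eval' 'unsafe-inline' *.mycompany.com; "
        + "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
        + "img-src 'self' *.mycompany.com data:; "
        + "connect-src 'self' *.mycompany.com";

    private String headerName;
    private String policy;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String p = cfg.getInitParameter("policy"); // optional override of the default
        policy = (p == null || p.trim().isEmpty()) ? DEFAULT_POLICY : p.trim();
        // Fail at startup on CR/LF or non-ASCII characters, such as typographic
        // quotes substituted for ' when a policy is pasted from mail or a document.
        for (char c : policy.toCharArray()) {
            if (c < 0x20 || c > 0x7e) {
                throw new ServletException("Illegal character in CSP: U+" + Integer.toHexString(c));
            }
        }
        boolean reportOnly = Boolean.parseBoolean(cfg.getInitParameter("reportOnly"));
        headerName = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set before the chain runs so the header is present even if the response commits early.
            ((HttpServletResponse) res).setHeader(headerName, policy);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

With `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, the policy still permits inline scripts and `eval`, so it restricts where content loads from but does little against injected script. Setting `reportOnly` to `true` lets a tighter policy be trialled without blocking anything.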
