We recently enabled the httpHeaderSecurity filter globally (i.e., in conf/web.xml) on several customer Tomcat servers, thusly:

<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> <async-supported>true</async-supported> </filter>

and now, it seems to be having a side effect on our mobile app, such that the "dashboard" function of our product, while it continues to work when accessed from a browser, is failing when accessed from our mobile app. So far as we know, it's *only* the dashboard function (which is in turn based on BIRT).

I know this sounds vague; it's vague because I haven't a clue what's going on. I was hoping that somebody here might have some insights I could pass on to our webapp/mobile app team.

James H. H. Lampert

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to