We recently enabled the httpHeaderSecurity filter globally (i.e., in
conf/web.xml) on several customer Tomcat servers, thusly:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
and now, it seems to be having a side effect on our mobile app, such
that the "dashboard" function of our product, while it continues to work
when accessed from a browser, is failing when accessed from our mobile
app. So far as we know, it's *only* the dashboard function (which is in
turn based on BIRT).
I know this sounds vague; it's vague because I haven't a clue what's
going on. I was hoping that somebody here might have some insights I
could pass on to our webapp/mobile app team.
--
James H. H. Lampert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org