[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058506#comment-15058506
 ] 

Jacques Le Roux commented on OFBIZ-6766:


Thanks Jacopo, quite new :)

> Secure HTTP headers
> ---
>
> Key: OFBIZ-6766
> URL: https://issues.apache.org/jira/browse/OFBIZ-6766
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Fix For: Upcoming Branch
>
>
> I have created a wiki page for this 
> https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Forrest Rae (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058368#comment-15058368
 ] 

Forrest Rae commented on OFBIZ-6766:


Jacques,

In the spirit of secure by default I'd like to throw my vote in for 
HttpHeaderSecurityFilter being enabled by default moving forward.

hstsEnabled is an absolute must, do this over the other two.  A workaround if 
you leverage the mod_ajpproxy setup of Apache server in front of Tomcat, there 
is a really awesome Apache config found in the Better Crypto Guide that enables 
HSTS here: https://bettercrypto.org

blockContentTypeSniffingEnabled would really help in situations where file 
uploads are replayed back to another user's web browser to prevent arbitrary 
HTML and JavaScript being executed in the SAMEORIGIN.  More info: 
http://security.stackexchange.com/questions/12896/does-x-content-type-options-really-prevent-content-sniffing-attacks

Clickjacking can be more severe than you think, and any countermeasures you 
can provide would be great for users.



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacopo Cappellato (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058482#comment-15058482
 ] 

Jacopo Cappellato commented on OFBIZ-6766:
--

For your information:

https://bz.apache.org/bugzilla/show_bug.cgi?id=58735



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058471#comment-15058471
 ] 

Jacques Le Roux commented on OFBIZ-6766:


4th step at r1720213: X-XSS-Protection





[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058474#comment-15058474
 ] 

Jacques Le Roux commented on OFBIZ-6766:


I'm not sure yet



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058473#comment-15058473
 ] 

Jacques Le Roux commented on OFBIZ-6766:


Thanks, I will check that



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Forrest Rae (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058394#comment-15058394
 ] 

Forrest Rae commented on OFBIZ-6766:


Two useful sites besides CheckYourHeaders:

https://securityheaders.io/
https://report-uri.io/



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058515#comment-15058515
 ] 

Jacques Le Roux commented on OFBIZ-6766:


If you want to see it all use "View" on trunk HEAD at 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058500#comment-15058500
 ] 

Jacques Le Roux commented on OFBIZ-6766:


strict-transport-security (hst header) was done with r1719660 and 
"blockContentTypeSniffingEnabled" (aka "x-content-type-options", "nosniff") was 
already done with r1719939 (sorry it's maybe hard to follow the commits flow 
because I have to test different strategies)

BTW, this is a WIP, I know there are still some weak parts, please be patient :)



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058505#comment-15058505
 ] 

Jacques Le Roux commented on OFBIZ-6766:


I put some reference above (and now below), you can follow commits in this 
issue. Just look for instance at 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?r1=1720213&r2=1720212&pathrev=1720213



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Forrest Rae (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058472#comment-15058472
 ] 

Forrest Rae commented on OFBIZ-6766:


Jacques, apologies for the questions if they weren't applicable, I didn't have 
any background info.  I thought you were suggesting not enabling protections, 
but I see you're accomplishing it in another manner.

Can you link me to RequestHandler?  I've not seen any info on it.



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058479#comment-15058479
 ] 

Jacques Le Roux commented on OFBIZ-6766:


As I said in my conclusion, I think this and other filters are more to be used 
in custom projects. They are hard to set OOTB and would certainly need to be 
tweaked in custom projects anyway. Of course, as ever, contributions are welcome 
;)



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058469#comment-15058469
 ] 

Jacques Le Roux commented on OFBIZ-6766:


Hi Forrest, seems that we cross-posted, please read my conclusion in the above 
comment. Did you follow my WIP at 
https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure ?



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058440#comment-15058440
 ] 

Jacques Le Roux commented on OFBIZ-6766:


I had a try at using HttpHeaderSecurityFilter and I must say I'm a bit 
disappointed. Because like it's said at 
https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#web.xml you can't 
have both your own way and HttpHeaderSecurityFilter: <>.

Since, in RequestHandler class, I already covered all the points 
HttpHeaderSecurityFilter does (strict-transport-security, x-frame-options and 
x-content-type-options) there is not much interest in using it. It could even 
be counterproductive with duplicate or conflicting values. Moreover it does 
not handle X-XSS-Protection which is a breeze to set in RequestHandler. Finally 
doing so in RequestHandler has the advantage of not depending on Tomcat and 
covering not only OOTB web apps but any possible new ones.

I had also a go with RestCsrfPreventionFilter, same disappointment. It's hard 
to set as explained at 
https://www.mail-archive.com/users@tomcat.apache.org/msg88601.html. I gave up 
at this stage.

Anyway all in all I prefer to handle security point by point rather than have a 
false sense of security relying on filters or what-not.


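An added example, not OFBiz or Tomcat code: a small audit over a raw response header block that flags the missing, duplicate or conflicting values mentioned in the comment above, for the four headers named in this thread. The sample response is constructed and the function names are hypothetical.

```python
from collections import defaultdict

# The four response headers named in this thread (names compared lowercased).
EXPECTED = (
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "x-xss-protection",
)

# Constructed sample: a response where two layers both set security headers.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=0
X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
"""


def parse_headers(raw):
    """Return {lowercased name: [values]} keeping every occurrence."""
    seen = defaultdict(list)
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())
    return seen


def hsts_max_age(value):
    """Return max-age in seconds, or None if absent or malformed."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def audit(raw):
    """Return (header, finding) tuples in EXPECTED order."""
    seen = parse_headers(raw)
    findings = []
    for name in EXPECTED:
        values = seen.get(name, [])
        if not values:
            findings.append((name, "missing"))
            continue
        if len({v.lower() for v in values}) > 1:
            findings.append((name, "conflicting values"))
        elif len(values) > 1:
            findings.append((name, "duplicate"))
        # Value checks: max-age=0 clears the HSTS policy in the browser.
        if name == "strict-transport-security":
            if any(not hsts_max_age(v) for v in values):
                findings.append((name, "max-age missing or zero"))
        if name == "x-content-type-options":
            if any(v.lower() != "nosniff" for v in values):
                findings.append((name, "not nosniff"))
    return findings


if __name__ == "__main__":
    for header, finding in audit(SAMPLE_RESPONSE):
        print(f"{header}: {finding}")
```
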

[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Forrest Rae (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058376#comment-15058376
 ] 

Forrest Rae commented on OFBIZ-6766:


One more thing, are any of these going to be backported?



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-15 Thread Forrest Rae (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15058373#comment-15058373
 ] 

Forrest Rae commented on OFBIZ-6766:


Also, definitely enable support for CORS, there is a great write-up here: 
https://scotthelme.co.uk/content-security-policy-an-introduction/



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-14 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056856#comment-15056856
 ] 

Jacques Le Roux commented on OFBIZ-6766:


Actually I put back r1719762, see why at OFBIZ-6655 (still WIP)



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-13 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15055499#comment-15055499
 ] 

Jacques Le Roux commented on OFBIZ-6766:


While working on a means to introduce X-XSS-Protection in OFBiz I stumbled upon 
[this exchange between Jacopo and Mark Thomas about HttpHeaderSecurityFilter on 
the Tomcat users 
ML|https://mail-archives.apache.org/mod_mbox/tomcat-users/201510.mbox/%3c561633e6.4030...@apache.org%3E].
 [~jacopoc] I did not find any progress, do you have something working on your 
side?

BTW AFAIK, unlike the  and   
attributes (see OFBIZ-6655), the 
[HttpHeaderSecurityFilter|https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#HTTP_Header_Security_Filter]
 is Tomcat specific (started at 7.0.63). So I believe it is nice to have but not 
sufficient. Though we are not providing means to use another app server, users 
could have their own ways and then I don't think HttpHeaderSecurityFilter would 
be used.

In the same spirit, I think we should also embed the 
[RestCsrfPreventionFilter|https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CSRF_Prevention_Filter_for_REST_APIs]
 and maybe [CORS 
Filter|https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter] 
and even maybe others there (Expires Filter, etc.)



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054803#comment-15054803
 ] 

Jacques Le Roux commented on OFBIZ-6766:


The work on Set-Cookie will be done by OFBIZ-6655



[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054802#comment-15054802
 ] 

Jacques Le Roux commented on OFBIZ-6766:


I reverted r1719762 at r1719764 because of OFBIZ-6655




[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054789#comment-15054789
 ] 

Jacques Le Roux commented on OFBIZ-6766:


4th step at revision: 1719762: setCookie




[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054314#comment-15054314
 ] 

Jacques Le Roux commented on OFBIZ-6766:


3rd step at revision: 1719684  




[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054289#comment-15054289
 ] 

Jacques Le Roux commented on OFBIZ-6766:


2nd commit at revision: 1719682  




[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

2015-12-12 Thread Jacques Le Roux (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054249#comment-15054249
 ] 

Jacques Le Roux commented on OFBIZ-6766:


1st commit at revision: 1719660  

