https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
Ralf Hauser changed:
What|Removed |Added
Product|Tomcat 7|Tomcat 8
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #19 from Ralf Hauser ---
add a "preload" init-param as per https://hstspreload.org/
and https://bugzilla.mozilla.org/show_bug.cgi?id=1334764
--
You are receiving this mail because:
You are the assignee for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #18 from Ralf Hauser ---
Interesting client side discussions in
https://bugzilla.mozilla.org/show_bug.cgi?id=572803#c10
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
Ralf Hauser changed:
What|Removed |Added
CC||hau...@acm.org
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #17 from Ilguiz Latypov ---
A web application using Spring hijacked the global filter configuration (did
not add the header).
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Resolution|--- |FIXED
https://bz.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #15 from Mark Thomas ma...@apache.org ---
I've just added an HTTP header security filter that adds the HSTS header by
default for 9.0.x. I plan to expand the set of headers this filter adds/
--
You are receiving this mail because:
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
Matafagafo matafag...@yahoo.com changed:
What|Removed |Added
CC|
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #14 from Matthew de Detrich mdedetr...@gmail.com ---
I agree that this is something that should be able to be implemented without
having to edit application code, particularly if it prevents the issues
regarding ordering that
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #13 from Jens Borgland jens.borgl...@gmail.com ---
The filter I wrote was intended as a suggestion, I haven't used this actual
implementation anywhere. I agree that the header should be set before calling
chain.doFilter() so if
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Attachment #3|application/octet-stream
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #9 from Christopher Schultz ch...@christopherschultz.net ---
(In reply to Steve Sether from comment #8)
I think this is an important feature for Tomcat to support out of the box.
Then vote for it: there are currently 5 votes
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #10 from Christopher Schultz ch...@christopherschultz.net ---
I think there is a bug in the Filter implementation provided by Jens:
The filter calls chain.doFilter() and then adds the header afterward. This
isn't going to work
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #11 from Konstantin Kolinko knst.koli...@gmail.com ---
(In reply to Christopher Schultz from comment #9)
The Filter can be added to conf/web.xml and will apply to all web
applications hosted by the container. I'm not sure in
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #12 from Konstantin Kolinko knst.koli...@gmail.com ---
(In reply to Steve Sether from comment #8)
Furthermore though, headers like this should be insanely easy to just add to
all the headers of a domain hosted on a machine.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #8 from Steve Sether st...@sether.org ---
I think this is an important feature for Tomcat to support out of the box.
Furthermore though, headers like this should be insanely easy to just add to
all the headers of a domain
https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
Summary|Add filter implementing
18 matches
Mail list logo