Re: AW: HSTS on 401 / error pages

2023-09-14 Thread Shawn Heisey
On 9/14/23 08:03, Thomas Hoffmann (Speed4Trade GmbH) wrote: Sorry, I thought removing all content and subject is sufficient. Maybe the message-id header is used internally(?) TL;DR: technical details about message threading. Not about Tomcat. This is what happens when you reply to an

Re: HSTS on 401 / error pages

2023-09-14 Thread logo
Chris, this is what's happening with the globally configured HttpHeaderSecurityFilter: curl -ik "https://localhost:8443/manager/" HTTP/2 302 x-frame-options: DENY x-content-type-options: nosniff strict-transport-security: max-age=31536000 x-xss-protection: 1; mode=block location: /manager/html

AW: HSTS on 401 / error pages

2023-09-14 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello Chris, > -Original Message- > From: Christopher Schultz > Sent: Thursday, September 14, 2023 15:26 > To: users@tomcat.apache.org > Subject: Re: HSTS on 401 / error pages > > Thomas, > > Please start a new thread next time. Sorry, I thought removing all content and

Re: HSTS on 401 / error pages

2023-09-14 Thread Christopher Schultz
Thomas, Please start a new thread next time. On 9/14/23 02:20, Thomas Hoffmann (Speed4Trade GmbH) wrote: Hello everyone, I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat. I configured HSTS in Tomcat and it works well. When I do a pen-test with burpsuite it

Re: AW: Solution to "Invalid keystore format" (cross-posted to Tomcat Users List at Apache, and Java 400 List at Midrange)

2023-09-14 Thread Christopher Schultz
Brian, On 9/13/23 23:25, Brian Wolfe wrote: The PKCS12 is the industry standard keystore format. Your Mac should be creating it in that version. You should get familiar using the pkcs12. It's not difficult to set it up. keytool and openssl support pkcs12 and have for some time now. It's possible

Re: page extends not working???

2023-09-14 Thread Aryeh Friedman
On Wed, Sep 13, 2023 at 8:21 AM Christopher Schultz wrote: > > Aryeh, > > On 9/12/23 17:50, Aryeh Friedman wrote: > > On Tue, Sep 12, 2023 at 1:51 PM Christopher Schultz > > wrote: > >> > >> Aryeh, > >> > >> On 9/12/23 12:42, Aryeh Friedman wrote: > >>> On Tue, Sep 12, 2023 at 11:42 AM

HSTS on 401 / error pages

2023-09-14 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello everyone, I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat. I configured HSTS in Tomcat and it works well. When I do a pen-test with burpsuite it complains that HSTS header is missing on 401 responses. I couldn’t find much information about whether HSTS makes