On 14/11/2016 21:11, Dustin Delage wrote: > Trying to enable some header filters in web.xml and NOT having any luck. I > pretty much had to guess how to do this and my config looks like this: > > <filter> > <filter-name>httpHeaderSecurity</filter-name> > > <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter > -class> > <init-param> > > <param-name>blockContentTypeSniffingEnabled</param-name> > <param-value>true</param-value> > </init-param> Not necessary - that is the default.
> <init-param> > > <param-name>antiClickJackingEnabled</param-name> > <param-value>true</param-value> > </init-param> Not necessary - that is the default. > <init-param> > > <param-name>antiClickJackingOption</param-name> > <param-value>SAMEORIGIN</param-value> > </init-param> This one you will need. > <init-param> > > <param-name>xssProtectionEnabled</param-name> > <param-value>true</param-value> > </init-param> > <async-supported>true</async-supported> Not necessary - that is the default. > </filter> And the filter mapping? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
