What's this filter mapping you speak of?

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, November 14, 2016 4:16 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly

On 14/11/2016 21:11, Dustin Delage wrote:
> Trying to enable some header filters in web.xml and NOT having any
> luck. I pretty much had to guess how to do this and my config looks like
> this:
>
> <filter>
>     <filter-name>httpHeaderSecurity</filter-name>
>     <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>     <init-param>
>         <param-name>blockContentTypeSniffingEnabled</param-name>
>         <param-value>true</param-value>
>     </init-param>

Not necessary - that is the default.

>     <init-param>
>         <param-name>antiClickJackingEnabled</param-name>
>         <param-value>true</param-value>
>     </init-param>

Not necessary - that is the default.

>     <init-param>
>         <param-name>antiClickJackingOption</param-name>
>         <param-value>SAMEORIGIN</param-value>
>     </init-param>

This one you will need.

>     <init-param>
>         <param-name>xssProtectionEnabled</param-name>
>         <param-value>true</param-value>
>     </init-param>
>     <async-supported>true</async-supported>

Not necessary - that is the default.

> </filter>

And the filter mapping?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
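The mapping Mark asks about is what attaches a declared filter to request URLs; a `<filter>` element on its own is never invoked, so no headers are sent. As an added example (not from the thread or from the Tomcat project), this Python check flags filters declared in a web.xml that have no `<filter-mapping>`; the sample web.xml is constructed from the thread's filter, and the `/*` pattern, `REQUEST` dispatcher and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's filter (keeping antiClickJackingOption)
# plus the <filter-mapping> that was missing. /* and REQUEST are assumptions.
WEB_XML_FIXED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>"""

# The thread's situation: the same file with the mapping left out.
WEB_XML_BROKEN = WEB_XML_FIXED[:WEB_XML_FIXED.index("<filter-mapping>")] + "</web-app>"

def children(elem, name):
    # Compare local names so any web-app namespace/version works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def text_of(elem, name):
    found = children(elem, name)
    return (found[0].text or "").strip() if found else ""

def unmapped_filters(web_xml):
    """Return names of <filter> declarations that no <filter-mapping> activates."""
    root = ET.fromstring(web_xml)
    declared = [text_of(f, "filter-name") for f in children(root, "filter")]
    mapped = set()
    for m in children(root, "filter-mapping"):
        # A mapping must target a URL pattern or a servlet to take effect.
        if children(m, "url-pattern") or children(m, "servlet-name"):
            mapped.add(text_of(m, "filter-name"))
    return [name for name in declared if name not in mapped]

if __name__ == "__main__":
    print(unmapped_filters(WEB_XML_BROKEN))
    print(unmapped_filters(WEB_XML_FIXED))
```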