On 14/11/2016 21:32, Dustin Delage wrote:
> What's this filter mapping you speak of?

https://java.net/downloads/servlet-spec/Final/servlet-3_1-final.pdf

The Tomcat docs (and to a lesser extent this list) assume users of
Tomcat are familiar with the Servlet specification.

While it appears you need to read all of that document fairly soon,
chapter 6 should answer your immediate questions.

Mark


> 
> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Monday, November 14, 2016 4:16 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly
> 
> On 14/11/2016 21:11, Dustin Delage wrote:
>> Trying to enable some header filters in web.xml and NOT having any
>> luck. I pretty much had to guess how to do this and my config looks like
>> this:
>>
>>     <filter>
>>         <filter-name>httpHeaderSecurity</filter-name>
>>         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>>                      <init-param>
>>                              <param-name>blockContentTypeSniffingEnabled</param-name>
>>                              <param-value>true</param-value>
>>                      </init-param>
> Not necessary - that is the default.
> 
> 
>>                      <init-param>
>>                              <param-name>antiClickJackingEnabled</param-name>
>>                              <param-value>true</param-value>
>>                      </init-param>
> Not necessary - that is the default.
> 
> 
>>                      <init-param>
>>                              <param-name>antiClickJackingOption</param-name>
>>                              <param-value>SAMEORIGIN</param-value>
>>                      </init-param>
> This one you will need.
> 
> 
>>                      <init-param>
>>                              <param-name>xssProtectionEnabled</param-name>
>>                              <param-value>true</param-value>
>>                      </init-param>
>>         <async-supported>true</async-supported>
> Not necessary - that is the default.
> 
> 
>>     </filter>
> 
> And the filter mapping?
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
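
Added example, not part of the original messages and not Tomcat's own code: a small Python check that lists filters a web.xml declares without a matching `<filter-mapping>`, the gap pointed out in the reply above. The sample descriptor is constructed; `auditFilter` and `com.example.AuditFilter` are hypothetical, and mapping to `/*` with the `REQUEST` dispatcher is an assumed choice.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: the thread's filter with a mapping added, plus a
# hypothetical second filter ("auditFilter") that is declared but never mapped.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>auditFilter</filter-name>
    <filter-class>com.example.AuditFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>
"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def _names(root, parent):
    """Collect <filter-name> text from every top-level <parent> element."""
    found = []
    for el in root:
        if _local(el.tag) != parent:
            continue
        for child in el:
            if _local(child.tag) == "filter-name" and child.text:
                found.append(child.text.strip())
    return found

def unmapped_filters(web_xml):
    """Return declared filter names that no <filter-mapping> refers to."""
    root = ET.fromstring(web_xml)
    mapped = set(_names(root, "filter-mapping"))
    return [name for name in _names(root, "filter") if name not in mapped]

if __name__ == "__main__":
    print(unmapped_filters(SAMPLE_WEB_XML))
```

The check reads only the one descriptor it is given, so a filter mapped elsewhere (for example in another web.xml) would still be reported.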

