Works now, thanks.

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, November 14, 2016 4:38 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly

On 14/11/2016 21:32, Dustin Delage wrote:
> What's this filter mapping you speak of?

https://java.net/downloads/servlet-spec/Final/servlet-3_1-final.pdf

The Tomcat docs (and to a lesser extent this list) assume users of Tomcat are familiar with the Servlet specification. While it appears you need to read all of that document fairly soon, chapter 6 should answer your immediate questions.

Mark

>
> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Monday, November 14, 2016 4:16 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Tomcat 9 How do you set httpHeaderSecurity properly
>
> On 14/11/2016 21:11, Dustin Delage wrote:
>> Trying to enable some header filters in web.xml and NOT having any
>> luck. I pretty much had to guess how to do this and my config looks
>> like this:
>>
>> <filter>
>>     <filter-name>httpHeaderSecurity</filter-name>
>>     <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>>     <init-param>
>>         <param-name>blockContentTypeSniffingEnabled</param-name>
>>         <param-value>true</param-value>
>>     </init-param>
> Not necessary - that is the default.
>
>>     <init-param>
>>         <param-name>antiClickJackingEnabled</param-name>
>>         <param-value>true</param-value>
>>     </init-param>
> Not necessary - that is the default.
>
>>     <init-param>
>>         <param-name>antiClickJackingOption</param-name>
>>         <param-value>SAMEORIGIN</param-value>
>>     </init-param>
> This one you will need.
>
>>     <init-param>
>>         <param-name>xssProtectionEnabled</param-name>
>>         <param-value>true</param-value>
>>     </init-param>
>>     <async-supported>true</async-supported>
> Not necessary - that is the default.
>
>> </filter>
>
> And the filter mapping?
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
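
The point the thread turns on, as an added example that is not part of any participant's message or of Tomcat itself: a `<filter>` declared in web.xml without a matching `<filter-mapping>` is never invoked, so the security headers are not sent. The check below flags such declarations; the function name `unmapped_filters`, both sample documents, and the `/*` pattern with the `REQUEST` dispatcher are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the filter from the thread, declared but never mapped.
UNMAPPED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
  </filter>
</web-app>"""

# Constructed sample: the same declaration plus a mapping.
# Assumption: /* is used so the filter applies to every request.
MAPPING = """  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>"""
MAPPED = UNMAPPED.replace("</web-app>", MAPPING)


def unmapped_filters(web_xml: str) -> list[str]:
    """Return names of <filter> declarations that no usable <filter-mapping> refers to."""
    root = ET.fromstring(web_xml)
    # {*} matches any (or no) namespace, so older descriptors parse too (Python 3.8+).
    declared = [e.text.strip() for e in root.findall("{*}filter/{*}filter-name") if e.text]
    mapped = set()
    for mapping in root.findall("{*}filter-mapping"):
        # A mapping only takes effect if it targets a URL pattern or a servlet.
        targets = mapping.findall("{*}url-pattern") + mapping.findall("{*}servlet-name")
        if targets:
            mapped.add(mapping.findtext("{*}filter-name", "").strip())
    return [name for name in declared if name not in mapped]


if __name__ == "__main__":
    for label, doc in (("declared only", UNMAPPED), ("declared and mapped", MAPPED)):
        print(label, "->", unmapped_filters(doc))
```
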