-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alejandro,
On 11/1/17 3:37 PM, Alejandro Vargas M. wrote: > Hello, > > I recently used on web.xml > > <filter> <filter-name>httpHeaderSecurity</filter-name> > <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</fi lter-class> > > <async-supported>true</async-supported> </filter> > > <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > to enable some security headers, but it won't enable Content > Security Policy header. Is there anyway to enable Content Security > Policy at top server level??? What were you expecting that Filter to generate for you? A header which disables everything? Not terribly useful. My recommendation would be to use something like url-rewrite[1] to add headers to every outgoing response. url-rewrite has very similar capabilities to httpd's mod_headers (and much more, of course). - -chris [1] http://tuckey.org/urlrewrite/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAln6KJkACgkQHPApP6U8 pFjuWRAAilRKahVEge71VBJrhragUyZuKR/uqEwfwpYj9Zq5DzI3I0JT6jwD8kwE //iuxBgDroVH/Xedn9oiMen9u1wSpf4p4fCQY0xcP99l6QnlgReimEM7Aoi24hTc WFgYlA2DVsKvmU0qjaI8HQoBrN+n8A+4Qhxu4fj5knNT1Sk1KppYDl/l6bkaI3Lc oPAvbYJbR2OV9SwCBoKFNjEPZwK9kTZhAr74gbErS/OZHcQAynZjHPcYl4+2K6Uj 98T3VKu6NIif5g3ry6TA9YYe5Dn3DyqBkY6wlAI91gRn7KjESDcJPcCiYglYDHqP 37ZdcP6LPmySFlBaug5E9811lyKIHnkpv/0OTaFM3AH0sulazBvLu38Ea5yeZQFC CofoYTMAY8KAlfwzKn+3RhTTQA8lmKHF/dVxQBRqP3vbN/+KU1KzqZmn2Q6KoYH+ Lf+gMJjeLE/0/8X9CnTaFPkmg7VbYgGmhGzgFkD85YTswT962L8M5evG1xdHaNiM ZZDEeYLWC/Cjdqvht3zQ0gvmI35pI1q2K/fnYb+mrV0eIi/rcosz99GQVpTTqS58 wCtIAKLChLuxuWoGp0+1+sI0ugwn9RmsIft34QBM1Us/FxGYc0Ou5VpBHE0JeYG8 G8RjZ+9eonM5ScwPrAZKZ7pd6qfCHY24/OvK6vT4HbRdqJbvWT8= =j1H+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org