Hello, Thanks for replying...

My current Tomcat version is 8.5.x, hosted on a Windows 2012 R2 server, with no other web server as a front-end web server.

The CSP value shared with me is:

"default-src 'self' 'unsafe-eval' 'unsafe-inline' *.mycompany.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.mycompany.com data:; connect-src ‘self’ *. mycompany.com"

I am new to Tomcat setup and was able to add a header filter for other headers, but didn't find much help for the CSP one.

On Fri, Oct 4, 2019 at 3:08 AM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Nitin,
>
> On 10/3/19 09:54, Nitin Kadam wrote:
> > Hello All,
> >
> > Internal security team recommended to set *Content security policy*
> > header for Web server as same is not compliant with security
> > standard. can you please help me setting CSP filters for my Tomcat
> > application hosted on windows server.
>
> Do you know the value you want to use for your CSP header?
>
> Enabling the header can be done in a number of ways, including using
> http://tomcat.apache.org/tomcat-9.0-doc/rewrite.html
>
> -chris

--
Regards
Nitin Kadam (9967688959)
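
One way to send the policy from the message above on every response is a small servlet filter in the web application (Tomcat 8.5, javax.servlet API). This is an added example, not code from the thread or from the Tomcat project; the class name CspHeaderFilter and the init-param name "policy" are assumptions, and the policy string is written with plain ASCII quotes and no space in *.mycompany.com on the assumption that this is what was intended.

```java
// Added example: CspHeaderFilter and the "policy" init-param name are assumptions.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = "/*", initParams = @WebInitParam(name = "policy", value =
    "default-src 'self' 'unsafe-eval' 'unsafe-inline' *.mycompany.com; "
  + "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
  + "img-src 'self' *.mycompany.com data:; "
  + "connect-src 'self' *.mycompany.com"))
public class CspHeaderFilter implements Filter {
    private String policy;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("policy");
        if (value == null || value.trim().isEmpty()) {
            throw new ServletException("CSP policy init-param is missing");
        }
        // Reject anything outside printable ASCII: typographic quotes pasted from
        // a document would turn 'self' into a source the browser does not recognize.
        for (char c : value.toCharArray()) {
            if (c < 0x20 || c > 0x7e) {
                throw new ServletException(String.format("Non-ASCII character U+%04X in CSP policy", (int) c));
            }
        }
        policy = value.trim();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Set the header before the chain runs, so it is in place before the response commits.
        if (res instanceof HttpServletResponse) {
            ((HttpServletResponse) res).setHeader("Content-Security-Policy", policy);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

If the application's web.xml sets metadata-complete="true", the annotation is not scanned and the filter has to be declared in web.xml with a filter and filter-mapping element instead.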