-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Pattavee,
On 1/1/20 22:55, Pattavee Sanchol wrote: > Dear Chris, > > I follow your suggestion, change my app to ROOT but request with > special characters on url path still response with no HSTS header. > detail on e.g. below > > > [sys01@webgateway ~]$ curl -I -k "https://192.168.136.3:8443" > > HTTP/1.1 200 > > Strict-Transport-Security: max-age=31536000;includeSubDomains > > X-Frame-Options: SAMEORIGIN > > X-Content-Type-Options: nosniff > > X-XSS-Protection: 1; mode=block > > Set-Cookie: > JSESSIONID=11B6A6F834606B167C2281DB1381BBC2;path=/;Secure;HttpOnly > > Content-Type: text/html;charset=UTF-8 > > Transfer-Encoding: chunked > > Date: Thu, 02 Jan 2020 03:46:13 GMT > > > > > [sys01@webgateway ~]$ curl -I -k "https://192.168.136.3:8443/%20" > > HTTP/1.1 200 > > Set-Cookie: > JSESSIONID=DC2234708B03D66FFC6D30178F083145;path=/;Secure;HttpOnly > > Content-Type: text/html;charset=UTF-8 > > Transfer-Encoding: chunked > > Date: Thu, 02 Jan 2020 03:47:54 GMT > > Regards. Can you please package-up a WAR file with the above configuration, name it ROOT.war, deploy it into a fresh Tomcat server and re-test with 8.5.50? If it fails, please post the WAR file somewhere I can fetch it and test it myself. You do not need any additional files except maybe an index.html file to avoid 404 responses. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4OEOgACgkQHPApP6U8 pFgZCRAAxJHr5NHqabbOF1gtEuGKiuF0ZBI3tIF3NXbxv3UhV+sa8xd1XImGVbeU +t21EcmFYY2DEoq42H3NK9QBgHnKALypFaZRFxrVakwfQcRQE9zrkKMYPFmt7rfx ms5wqpCqSYKdn13Ud6vP9c6vfaHJcDQAoAUUrS6Y7c/Otsvtx02bRppz2RClx5+w xnnKzQrUDOFYbpE6Pjw8W09S5UrLFujdPrFS/x+a9mLPa0ve+mT5v1hVTxsaw+Eu oj8mJyIG6ySztP8L2ie6ghLi5aa4j9oSvCIqmLmKbVmMqClj2N70pJV6XDFxKYw3 0Iz8a/7oU7u04giG3I1/VpdKoUlOUBurDjVi2JrjkCCvUp4NS6EM8VOB5EEvcVet qZ6vfEShq5q+o6UWBScQKItSvl61N6aUESMiY9ice6qwAvsJaalDeCZHY1QzHsBY BCCzZX28fMSfaDlE1FPOiFBpMeBiBTSkonjS5D+nj5VF5tLjSus9TBN3/Jr1X1nD hTJOHZGW1HI9YxDQXt/Sx/hvL+IwRhjr61eRaW6c5fWiDPVSYl60FuHAC4oN0Prq 1ws687Aw8OL+U2lOz0GfbfYZC0o3dKUOxUkeaQ/gBBEBiwYmjr7vSWgW9xC9mFkY kukuW01axNc8/Ma4qKIZ563dW78BY5bfWUETBsgr3viQZUjRp+E= =4nX+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org