Dear Chris, Thank you so much for your suggestion. Now I can solve this problem, cause is the request url path with special characters were handled by web application framework. But my application framework's configuration not apply for special characters in url. So it return default page without HSTS header. I setting new config for handle its then working for this problem.
Regards. *ปฐวี สรรค์ชลPattavee SANCHOL* * <http://www.thaidigitalid.com> * *Thai Digital ID CO.,LTD. <http://www.thaidigitalid.com>* 319, 25th Floor, Room 10-11, Chamchuri Square Building, Phayathai Road, Phathum Wan, Bangkok Thailand 10330 Tel : +66-029-0290 ext. 3317 E-mail : pattavee....@thaidigitalid.com On Thu, Jan 2, 2020 at 10:49 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Pattavee, > > On 1/1/20 22:55, Pattavee Sanchol wrote: > > Dear Chris, > > > > I follow your suggestion, change my app to ROOT but request with > > special characters on url path still response with no HSTS header. > > detail on e.g. below > > > > > > [sys01@webgateway ~]$ curl -I -k "https://192.168.136.3:8443"; > > > > HTTP/1.1 200 > > > > Strict-Transport-Security: max-age=31536000;includeSubDomains > > > > X-Frame-Options: SAMEORIGIN > > > > X-Content-Type-Options: nosniff > > > > X-XSS-Protection: 1; mode=block > > > > Set-Cookie: > > JSESSIONID=11B6A6F834606B167C2281DB1381BBC2;path=/;Secure;HttpOnly > > > > Content-Type: text/html;charset=UTF-8 > > > > Transfer-Encoding: chunked > > > > Date: Thu, 02 Jan 2020 03:46:13 GMT > > > > > > > > > > [sys01@webgateway ~]$ curl -I -k "https://192.168.136.3:8443/%20"; > > > > HTTP/1.1 200 > > > > Set-Cookie: > > JSESSIONID=DC2234708B03D66FFC6D30178F083145;path=/;Secure;HttpOnly > > > > Content-Type: text/html;charset=UTF-8 > > > > Transfer-Encoding: chunked > > > > Date: Thu, 02 Jan 2020 03:47:54 GMT > > > > Regards. > > Can you please package-up a WAR file with the above configuration, > name it ROOT.war, deploy it into a fresh Tomcat server and re-test > with 8.5.50? If it fails, please post the WAR file somewhere I can > fetch it and test it myself. > > You do not need any additional files except maybe an index.html file > to avoid 404 responses. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4OEOgACgkQHPApP6U8 > pFgZCRAAxJHr5NHqabbOF1gtEuGKiuF0ZBI3tIF3NXbxv3UhV+sa8xd1XImGVbeU > +t21EcmFYY2DEoq42H3NK9QBgHnKALypFaZRFxrVakwfQcRQE9zrkKMYPFmt7rfx > ms5wqpCqSYKdn13Ud6vP9c6vfaHJcDQAoAUUrS6Y7c/Otsvtx02bRppz2RClx5+w > xnnKzQrUDOFYbpE6Pjw8W09S5UrLFujdPrFS/x+a9mLPa0ve+mT5v1hVTxsaw+Eu > oj8mJyIG6ySztP8L2ie6ghLi5aa4j9oSvCIqmLmKbVmMqClj2N70pJV6XDFxKYw3 > 0Iz8a/7oU7u04giG3I1/VpdKoUlOUBurDjVi2JrjkCCvUp4NS6EM8VOB5EEvcVet > qZ6vfEShq5q+o6UWBScQKItSvl61N6aUESMiY9ice6qwAvsJaalDeCZHY1QzHsBY > BCCzZX28fMSfaDlE1FPOiFBpMeBiBTSkonjS5D+nj5VF5tLjSus9TBN3/Jr1X1nD > hTJOHZGW1HI9YxDQXt/Sx/hvL+IwRhjr61eRaW6c5fWiDPVSYl60FuHAC4oN0Prq > 1ws687Aw8OL+U2lOz0GfbfYZC0o3dKUOxUkeaQ/gBBEBiwYmjr7vSWgW9xC9mFkY > kukuW01axNc8/Ma4qKIZ563dW78BY5bfWUETBsgr3viQZUjRp+E= > =4nX+ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --
