Thank you Olaf, however, the connection was made over https directly to Tomcat on port 8443.
Thanks,

Jon McAlexander
Senior Infrastructure Engineer

> -----Original Message-----
> From: Olaf Kock <tom...@olafkock.de>
> Sent: Friday, April 21, 2023 1:48 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> On 21.04.23 at 07:03, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > No, there is no error and no stack trace. Everything works, just the hsts
> > header isn't in the list of headers.
>
> The lowest hanging fruit: HSTS is only defined on https - on http it doesn't
> have any meaning and Tomcat would be correct in not sending it (I haven't
> looked at the source if it does, but it should be easy to test)
>
> If you have a reverse proxy handling https & proxying through http, Tomcat
> might not know that it'd be fine to send the header. (If that is your case,
> there is the brute force "secure" attribute on the connector
> - use it only when there's no way to connect through http from anywhere
> but your reverse proxy)
>
> This has bitten me a few times
>
> Olaf

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
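
The two settings discussed in this thread, shown as an added configuration example that is not taken from either poster's setup: Tomcat's built-in HttpHeaderSecurityFilter writes Strict-Transport-Security only on requests the connector reports as secure, and the connector's "secure" attribute is what forces that report when TLS ends at a reverse proxy. The ports, the max-age value and the filter name are assumptions.

```xml
<!-- WEB-INF/web.xml (or conf/web.xml): Tomcat's built-in security header filter. -->
<filter>
  <filter-name>httpHeaderSecurity</filter-name> <!-- name is arbitrary -->
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value> <!-- constructed value: one year -->
  </init-param>
</filter>
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern> <!-- the header is only added on mapped URLs -->
</filter-mapping>

<!-- conf/server.xml, reverse-proxy case only: TLS terminates at the proxy and
     Tomcat receives plain HTTP. secure="true" makes request.isSecure() return
     true for every request on this connector, so the filter emits the header.
     Ports 8080 and 443 are assumed. Restrict this connector so that nothing
     except the proxy can reach it, as noted in the reply above. -->
<Connector port="8080" protocol="HTTP/1.1"
           scheme="https" secure="true" proxyPort="443" />
```

For a direct HTTPS connector such as the one on port 8443, only the filter and its mapping apply; the response headers can be inspected with `curl -skI` against a URL covered by the filter mapping.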