You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Nitin Kadam <ni...@gmail.com> on 2020/09/09 17:54:00 UTC

How to Set Content Security Policy headers in Tomcat 8.5.x

Hi All,

Need to set the *Content security policy* header for Tomcat Web server
(8.5..x) which hosted on Windows server 2012, As per the internal security
team same is not a complaint
can you please help me setting CSP filters for my Tomcat application hosted
on windows server.

below the screenshot from securityheaders.com

[image: image.png]

-- 
Regards
Nitin Kadam

Re: How to Set Content Security Policy headers in Tomcat 8.5.x

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

On Wed, Sep 9, 2020 at 8:54 PM Nitin Kadam <ni...@gmail.com> wrote:

> Hi All,
>
> Need to set the *Content security policy* header for Tomcat Web server
> (8.5..x) which hosted on Windows server 2012, As per the internal security
> team same is not a complaint
> can you please help me setting CSP filters for my Tomcat application
> hosted on windows server.
>

You can use javax.servlet.Filter to add such custom headers.
See
https://github.com/apache/tomcat/blob/53c304ad1f65a09c921c40e03a115de438f6c68a/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
for
inspiration.
More about Filters you can read in the web, e.g.
https://www.tutorialspoint.com/servlets/servlets-writing-filters.htm

>
> below the screenshot from securityheaders.com
>
> [image: image.png]
>
> --
> Regards
> Nitin Kadam
>
>