You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Nitin Kadam <ni...@gmail.com> on 2020/09/09 17:54:00 UTC
How to Set Content Security Policy headers in Tomcat 8.5.x
Hi All,
Need to set the *Content security policy* header for Tomcat Web server
(8.5..x) which hosted on Windows server 2012, As per the internal security
team same is not a complaint
can you please help me setting CSP filters for my Tomcat application hosted
on windows server.
below the screenshot from securityheaders.com
[image: image.png]
--
Regards
Nitin Kadam
Re: How to Set Content Security Policy headers in Tomcat 8.5.x
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
On Wed, Sep 9, 2020 at 8:54 PM Nitin Kadam <ni...@gmail.com> wrote:
> Hi All,
>
> Need to set the *Content security policy* header for Tomcat Web server
> (8.5..x) which hosted on Windows server 2012, As per the internal security
> team same is not a complaint
> can you please help me setting CSP filters for my Tomcat application
> hosted on windows server.
>
You can use javax.servlet.Filter to add such custom headers.
See
https://github.com/apache/tomcat/blob/53c304ad1f65a09c921c40e03a115de438f6c68a/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
for
inspiration.
More about Filters you can read in the web, e.g.
https://www.tutorialspoint.com/servlets/servlets-writing-filters.htm
>
> below the screenshot from securityheaders.com
>
> [image: image.png]
>
> --
> Regards
> Nitin Kadam
>
>