前端之家

  1. 首页
  2. 问答

无法在Tomcat 7.0.82中启用HttpHeaderSecurityFilter

问答

我已经编辑了web.xml以启用HttpHeaderSecurityFilter,添加了一些参数并重新启动了Tomcat。我在响应标头中没有看到strict-transport-security

我已经在多个Tomcat 9安装中执行了相同的步骤,并在web.xml中使用了相同的值,并且可以正常工作。

web.xml中的相关条目(某些参数是默认的,我知道不需要,但在尝试解决此问题时我添加了这些参数):

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
    </init-param> 
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>hstsPreload</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>DENY</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

ServerInfo:

Server version: Apache Tomcat/7.0.82
Server built:   Sep 29 2017 12:23:15 UTC
Server number:  7.0.82.0
OS Name:        Linux
OS Version:     3.10.0-1062.12.1.el7.x86_64
Architecture:   amd64
JVM Version:    1.8.0_131-b11
JVM Vendor:     Oracle Corporation
iandbibi 回答:无法在Tomcat 7.0.82中启用HttpHeaderSecurityFilter
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
clickjackinghttp-headersstrict-transport-securitytomcattomcat7
本文链接:https://www.f2er.com/1473436.html

大家都在问