Dear Chris,
Thank you so much for your suggestion.
Now I can solve this problem, cause is the request url path with special
characters were handled by web application framework.
But my application framework's configuration not apply for special
characters in url. So it return default page without
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pattavee,
On 1/1/20 22:55, Pattavee Sanchol wrote:
> Dear Chris,
>
> I follow your suggestion, change my app to ROOT but request with
> special characters on url path still response with no HSTS header.
> detail on e.g. below
>
>
> [sys01@webgat
Dear Chris,
I follow your suggestion, change my app to ROOT but request with special
characters on url path still response with no HSTS header.
detail on e.g. below
[sys01@webgateway ~]$ curl -I -k "https://192.168.136.3:8443";
HTTP/1.1 200
Strict-Transport-Security: max-age=31536000;includeSu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pattavee,
On 12/26/19 05:22, Pattavee Sanchol wrote:
> Dear support team
>
> I config tomcat server to enabled HSTS some request URI path not
> response with Secure heading
>
> The configuration illustrated below
>
>
>
> httpHeaderSecurity
>
Dear Olaf
Thank you so much for your reply.
*problem: You're trying to deliver the HSTS header for some, but not allof
the requests coming in(?) (Otherwise, please correct) *
- > No. I want to respond HSTS header in all request but after I follow
configuration below it not response HSTS header
On 26.12.19 11:22, Pattavee Sanchol wrote:
> Dear support team
>
> I config tomcat server to enabled HSTS some request URI path not
> response with Secure heading
>
> ...
>
>
> I some request URI such as http://192.168.1.1/%20 is not response with
> security hedering
>
>
> this is working
>
>
> im
Dear support team
I config tomcat server to enabled HSTS some request URI path not response
with Secure heading
The configuration illustrated below
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
true
hstsEnabled
true
