-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 12/18/13, 10:55 AM, Mark Thomas wrote: > On 18/12/2013 15:48, Dariusz Gorczyca wrote: >> Recently a was working on X-Frame-Options and discovered that >> Tomcat 7 and 8 doesn't support that solution for Clickjacking >> security. One of the solution is to hide Tomcat behind Apache , >> but it can't be done. Is there anyone who knows if there are any >> plans to implement it eg. as a tag in server.xml file ? > > There are currently no plans to provide an option for that. You > can always write a simple filter. +1 If there is a particular reason for the server to handle this, it would seem reasonable to provide such a filter out of the box. I'm not convinced that the server itself is required, here. There are several Filters that are often recommended for various uses. We could potentially put the source for such filters into the Wiki, or examples webapp, or somewhere else where the community could have access to them even if they are not a part of the formal Tomcat server package. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSsdxzAAoJEBzwKT+lPKRYJa4QAJvDCan2k25A0n8UxQ/8FUnS GpL8CGa37Dk/5STcuz3JOsgYrslggEAj383W9swYz3Ta0T2GsyqNTq1/c8FWvbhp B0FVt5Aucthz0z0L1eMdKgm3dXIv6h9Wl04rDyTQjCWC9rx7vMKczfbBvr2OIPgM JV4sgOQ4aXhKPmd13GCkLujbi3HNjAGnwrleTIUkMElWVopPFc+LfGAPzO/DJLoF cqEQcj3BuCoC5hCieRmmTe6vqD3ZK4YlMYKGbYOdY3eDbdFq/rG6fcKj/rvt7nlm SdtmKymP6bbKDif6p1/bTtyZrpcJVDJ7bHgbLSX5v787cYg98jb/WTASHJGrN9fk LultCiq4uZVhSYNtJ8DuIiTW7t/rwzdW5ifFfRIhAigATsWwOfqnaXJK+hWNH9Bu euEbMb3k/F1g2ibJQNIwBAs3C6fkkgl6vibDLRJ3GMMEe2nnqyFaFzdtWREkR5RU P4f9H9C1pITKeTXFo//HMKQYsfM9rsIdySy/z2piULlVNPPRVbU2Ff5s3MhzPM+G GLbpqB81Y0ycN+MJ6d9/Xubjea2H/WL1zlfkthR776CQ46HuoBEOJty/a+LwNmdt 0et8qvxuxiEqyqtaHAgvOokeeOTFBZHJKWC1T6+JbYLW3Q2LnOuVFHWyPq0pgBvF nxAkKu4Kj2qMInd75jfW =Rmix -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
