On 15/01/2019 10:43, Ravi Kumar wrote: > Hi All, > > I am facing an issue. It is kind of Security issue as Tomcat's ETag header > in Response header can reveal vital info.
What vital info? The ETag is constructed from the content length and the last modified date. > We want to disable / turnoff this ETag header of Tomcat webserver. > Referred this link :- > https://serverfault.com/questions/232763/how-to-disable-etag-headers-in-tomcat > but couldn't get success to disable this ETag. > > Appreciate your help ! The approached described in that link won't work if the response is sufficiently large that the response has already been committed. You'd need to wrap the response, override setHeader(String, String) and NO-OP and calls that try to set the "ETag" header. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
