Any more details on the request? Are you hitting an error 400? Like with ip address on a name based host?
That is handled prior to the filter and so you don't see the header!

Peter

> On 20.04.2023 at 22:40, jonmcalexan...@wellsfargo.com.invalid wrote:
>
> Hello again.
>
> I have another app team that is getting hit with a QID 11827 stating that the
> hsts Security header is missing. We have reviewed the web.xml and the
> appropriate section and filter are present. hstsEnabled is set to true.
> Performing a curl against the site does NOT show the hsts STRICT header.
>
> WEB.XML
>
> <filter>
>     <filter-name>httpHeaderSecurity</filter-name>
>     <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>     <async-supported>true</async-supported>
>     <!-- Overriding default value of DENY. 4/27/2022 -->
>     <init-param>
>         <param-name>antiClickJackingOption</param-name>
>         <param-value>SAMEORIGIN</param-value>
>     </init-param>
>     <init-param>
>         <param-name>hstsEnabled</param-name>
>         <param-value>true</param-value>
>     </init-param>
>     <init-param>
>         <param-name>hstsMaxAgeSeconds</param-name>
>         <param-value>31536000</param-value>
>     </init-param>
>     <init-param>
>         <param-name>hstsIncludeSubDomains</param-name>
>         <param-value>true</param-value>
>     </init-param>
> </filter>
>
> <filter-mapping>
>     <filter-name>httpHeaderSecurity</filter-name>
>     <url-pattern>/*</url-pattern>
>     <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
>
> Thank you,
>
> Jon McAlexander
> Senior Infrastructure Engineer
> Middleware Product Engineering
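
A small triage helper for the case raised in the reply, added here as an example and not part of the original thread or of Tomcat: it reads a response head as printed by `curl -sI` and separates "HSTS missing on an error 400" from "HSTS missing on a normal response", then compares the header with the values in the web.xml above. The sample responses and the function names are constructed for illustration.

```python
import re

# Constructed sample response heads (as printed by `curl -sI`), not captured from a real host.
SAMPLE_OK = """HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000;includeSubDomains
Content-Type: text/html;charset=UTF-8
"""
SAMPLE_400 = """HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Connection: close
"""

def parse_head(raw):
    """Return (status_code, {lower-cased header name: value}) for a response head."""
    lines = raw.strip().splitlines()
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def parse_hsts(value):
    """Return (max_age or None, include_subdomains) from the header value."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            max_age = int(val) if val.isdigit() else None
        elif key.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def triage(raw, want_max_age=31536000, want_subdomains=True):
    """Classify one response against the values configured in web.xml."""
    status, headers = parse_head(raw)
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        # A 400 is the case raised in the reply: no filter headers on it.
        return "no-hsts-on-400" if status == 400 else "no-hsts"
    if parse_hsts(hsts) != (want_max_age, want_subdomains):
        return "hsts-mismatch"
    return "hsts-ok"
```

Feeding it the head of the exact request the scanner made shows which of the two situations the QID finding reflects.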