James,

On 10/14/25 1:22 PM, James H. H. Lampert wrote:
On 10/14/25 6:33 AM, Christopher Schultz wrote:

Thanks for reminding me about the filter-mapping; I'd forgotten to uncomment it when I'd stuck the filter configuration onto the "guinea pig" server. Once I did that, and restarted, Firefox started showing:

Strict-Transport-Security
    max-age=0
X-Content-Type-Options
    nosniff
X-Frame-Options
    SAMEORIGIN

Wait a second. Could I have . . . HOLY [redacted], I *WAS* that [redacted] stupid! When I was pre-staging the customer's update to 9.0.106, I'd uncommented the filter configuration and added the anti-clickjacking parameters, but I'd forgotten to uncomment the filter-mapping!

:)

But I still do have a question:

My filter configuration looks like this:
<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>
  <async-supported>true</async-supported>
</filter>

If I'm adding more parameters, do I put them within the same <init-param> tags, or a separate pair of <init-param> tags?

Each parameter needs to be in a separate <init-param> wrapper, but they can be all added to the same <filter> like this:

<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param>
    <param-name>antiClickJackingOption</param-name>
    <param-value>SAMEORIGIN</param-value>
  </init-param>
  <init-param>
    <param-name>other-param</param-name>
    <param-value>value</param-value>
  </init-param>
  <async-supported>true</async-supported>
</filter>

-chris
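
An added example, not part of either message and not Tomcat's own code: a small check that parses a web.xml and reports any <filter> with no matching <filter-mapping>, which is the mistake described above, and lists each filter's init-params. The sample descriptor, its url-pattern and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread's server): the filter is declared
# but its <filter-mapping> is still commented out.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
  </filter>
  <!--
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
</web-app>"""

def _children(elem, name):
    """Direct children called `name`, ignoring the XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    """Trimmed text of the first child called `name`, or '' if absent."""
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_filters(web_xml):
    """Return {filter-name: {"mapped": bool, "params": {name: value}}}.

    Commented-out elements are dropped by the parser, so a mapping that is
    still inside <!-- --> counts as missing, exactly as Tomcat treats it.
    """
    root = ET.fromstring(web_xml)
    mapped = {_text(m, "filter-name") for m in _children(root, "filter-mapping")}
    report = {}
    for f in _children(root, "filter"):
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _children(f, "init-param")}
        name = _text(f, "filter-name")
        report[name] = {"mapped": name in mapped, "params": params}
    return report

if __name__ == "__main__":
    for name, info in audit_filters(SAMPLE_WEB_XML).items():
        state = "mapped" if info["mapped"] else "NOT MAPPED, filter never runs"
        print(f"{name}: {state}; init-params={info['params']}")
```

Running it against a staged web.xml before a restart catches a declared-but-unmapped filter without having to inspect response headers in a browser.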

