On 13/03/2016 19:56, Patrick Beckmann wrote: > Hello, > > As an occasional user of Tomcat I was missing HTTP Public Key Pinning > header supportĀ¹. So I have added it to the existing > "HttpHeaderSecurityFilter" class and would like to share it with you in > case you are interested. Please see the attached patch.
Patches posted directly to the mailing list can easily get lost if they aren't acted upon immediately. I strongly recommend that you open an enhancement request in Bugzilla to track this request and add the patch there. I've only glanced at the patch but my immediate feedback is: - why a hard limit of three pins? - how to support new algorithms as they are added to the spec I'd like to see a slightly more generic solution. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
