https://issues.apache.org/bugzilla/show_bug.cgi?id=54618
--- Comment #7 from Jens Borgland <jens.borgl...@gmail.com> --- My thought was to make it easy for both developers and, more importantly, admins to enable HSTS without having to write or compile code. The actual implementation itself is quite trivial but I think that having the functionality available out of the box adds significant value (just like the CSRF Prevention and Expires filter for example). HSTS is also done per host so using the filter for all applications in a container makes sense to me. Another option could be to create a more general filter or similar that simply adds one or more configured headers (possibly based on some condition) - like mod_headers for Apache. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
