2015-05-11 14:28 GMT+02:00 Mark Thomas <ma...@apache.org>:

> Which features are you thinking of and are you suggesting they should be
> enabled as well?

I vote "not enabled" :) I'm not a big fan of these security features usually (just like when my browser decides I am stupid and must reject "fake" certs on my behalf).

There are:
- CorsFilter
- CsrfPreventionFilter

And there are also DoS-style filters and valves too:
- CrawlerSessionManagerValve
- StuckThreadDetectionValve
- app servers usually add a valve or filter for JCA as well in that category

Rémy