Re: Security issue involving HTTP response headers

2019-10-21 Thread logo
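Hi James, see below: On 2019-10-21 23:34, James H. H. Lampert wrote: <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> </filter> Mark mentioned it before, that can also go into your app's web.xml and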

Re: Security issue involving HTTP response headers

2019-10-21 Thread James H. H. Lampert
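<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <init-param> <param-name>antiClickJackingOption</param-name> <param-value>SAMEORIGIN</param-value> </init-param> </filter> In the filter mapping section of the web.xml add the following. <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> Before I installed the above filte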

Re: Security issue involving HTTP response headers

2019-10-03 Thread jamesl
Thanks to all who have responded (especially Mr. Schultz), and thanks in advance to anybody else who responds. It will be a few more days before I can act on the information. I'm not ignoring any of you; I'm gathering information so I can solve the problem ASAP upon my return to work from my vac

Re: Security issue involving HTTP response headers

2019-10-03 Thread Christopher Schultz
James, On 10/2/19 01:34, jam...@touchtonecorp.com wrote: > We have a customer who is particularly concerned about security. > > We just updated their Tomcat, which solved all the issues coming up > in their security scan, except for one involving th

Re: Security issue involving HTTP response headers

2019-10-02 Thread Mark Thomas
On 02/10/2019 07:05, jonmcalexan...@wellsfargo.com.INVALID wrote: > Tomcat 7.0.63 and above. > > Navigate to the tomcat conf directory and open the web.xml with a text editor. If you edit $CATALINA_BASE/conf/web.xml that will apply to every web application deployed on the Tomcat instance. You may

Re: Security issue involving HTTP response headers

2019-10-01 Thread Peter Kreuser
-----Original Message----- > From: jam...@touchtonecorp.com > Sent: Wednesday, October 2, 2019 12:35 AM > To: Tomcat Users List > Subject: Security issue involving HTTP response headers > > We have a customer who is particularly concerned about security. > > We just update

RE: Security issue involving HTTP response headers

2019-10-01 Thread jonmcalexander
Sent: Wednesday, October 2, 2019 12:35 AM To: Tomcat Users List Subject: Security issue involving HTTP response headers We have a customer who is particularly concerned about security. We just updated their Tomcat, which solved all the issues coming up in their security scan, except for one

Security issue involving HTTP response headers

2019-10-01 Thread jamesl
We have a customer who is particularly concerned about security. We just updated their Tomcat, which solved all the issues coming up in their security scan, except for one involving the following HTTP headers: X-FRAME-OPTIONS X-XSS-PROTECTION X-CONTENT-TYPE-OPTIONS and strict transport security