On 10/14/25 6:33 AM, Christopher Schultz wrote:

Thanks for reminding me about the filter-mapping; I'd forgotten to uncomment it when I'd stuck the filter configuration onto the "guinea pig" server. Once I did that, and restarted, Firefox started showing:

Strict-Transport-Security
        max-age=0
X-Content-Type-Options
        nosniff
X-Frame-Options
        SAMEORIGIN

Wait a second. Could I have . . . HOLY [redacted], I *WAS* that [redacted] stupid! When I was pre-staging the customer's update to 9.0.106, I'd uncommented the filter configuration and added the anti-clickjacking parameters, but I'd forgotten to uncomment the filter-mapping!

But I still do have a question:

My filter configuration looks like this:
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <async-supported>true</async-supported>
    </filter>

If I'm adding more parameters, do I put them within the same <init-param> tags, or a separate pair of <init-param> tags?

--
JHHL
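
Added example, not part of the original message or of Tomcat's own code: a Python check for the mistake described above, a filter declared in web.xml whose filter-mapping is still commented out. It also flags any init-param that does not hold exactly one param-name/param-value pair, which is what the servlet deployment descriptor schema requires; the sample web.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the filter from the message, declared while its
# <filter-mapping> is still inside an XML comment (so the parser never sees it).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
      <param-name>antiClickJackingOption</param-name>
      <param-value>SAMEORIGIN</param-value>
    </init-param>
    <async-supported>true</async-supported>
  </filter>
  <!-- <filter-mapping>
         <filter-name>httpHeaderSecurity</filter-name>
         <url-pattern>/*</url-pattern>
       </filter-mapping> -->
</web-app>"""

def local(tag):
    """Drop the XML namespace so javaee and jakartaee descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def text_of(elem, name):
    found = children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_filters(web_xml):
    """Return (filter-name, problem) pairs for filters that are declared but
    unmapped, or whose <init-param> is not exactly one name/value pair."""
    root = ET.fromstring(web_xml)
    mapped = {text_of(m, "filter-name") for m in children(root, "filter-mapping")}
    findings = []
    for f in children(root, "filter"):
        name = text_of(f, "filter-name")
        if name not in mapped:
            findings.append((name, "declared but has no filter-mapping"))
        for p in children(f, "init-param"):
            if len(children(p, "param-name")) != 1 or len(children(p, "param-value")) != 1:
                findings.append((name, "init-param needs exactly one name/value pair"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_filters(SAMPLE_WEB_XML):
        print(f"{name}: {problem}")
```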

