How to Set Content Security Policy headers in Tomcat 8.5.x


How to Set Content Security Policy headers in Tomcat 8.5.x

Nitin Kadam
Hi All,

Need to set the Content Security Policy header for Tomcat web server (8.5.x), which is hosted on Windows Server 2012. As per the internal security team, the same is not compliant.
Can you please help me with setting CSP filters for my Tomcat application hosted on Windows Server?

Below is the screenshot from securityheaders.com



--
Regards
Nitin Kadam


Re: How to Set Content Security Policy headers in Tomcat 8.5.x

Martin Grigorov
Hi,

On Wed, Sep 9, 2020 at 8:54 PM Nitin Kadam <[hidden email]> wrote:

> Hi All,
>
> Need to set the *Content Security Policy* header for Tomcat web server
> (8.5.x), which is hosted on Windows Server 2012. As per the internal security
> team, the same is not compliant.
> Can you please help me with setting CSP filters for my Tomcat application
> hosted on Windows Server?
>

You can use javax.servlet.Filter to add such custom headers.
See
https://github.com/apache/tomcat/blob/53c304ad1f65a09c921c40e03a115de438f6c68a/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
for inspiration.
You can read more about Filters on the web, e.g.
https://www.tutorialspoint.com/servlets/servlets-writing-filters.htm


>
> Below is the screenshot from securityheaders.com
>
> [image: image.png]
>
> --
> Regards
> Nitin Kadam
>
>
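
A sketch of the javax.servlet.Filter approach suggested in the reply, as an added example that is not part of the original thread and is not Tomcat's own code. The package, class name, init-param names (`policy`, `reportOnly`) and the starting policy string are assumptions to adapt; it targets the Servlet 3.1 API that Tomcat 8.5 ships, where `init` and `destroy` must be implemented.

```java
package example.filters; // hypothetical package

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Adds a Content-Security-Policy header to every HTTP response.
 * Register it in WEB-INF/web.xml with a <filter> element whose <filter-class>
 * is example.filters.CspHeaderFilter and a <filter-mapping> for /*.
 */
public class CspHeaderFilter implements Filter {
    // Constructed starting policy (assumption); tighten or extend per application.
    private static final String DEFAULT_POLICY =
        "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'";

    private String headerName = "Content-Security-Policy";
    private String policy = DEFAULT_POLICY;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String configured = config.getInitParameter("policy"); // hypothetical init-param
        if (configured != null && !configured.trim().isEmpty()) {
            // Reject CR/LF so a bad config value cannot split the header.
            if (configured.indexOf('\r') >= 0 || configured.indexOf('\n') >= 0) {
                throw new ServletException("CSP policy must be a single line");
            }
            policy = configured.trim();
        }
        // Report-only mode lets violations be observed before the policy is enforced.
        if ("true".equalsIgnoreCase(config.getInitParameter("reportOnly"))) {
            headerName = "Content-Security-Policy-Report-Only";
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Set the header before the chain runs: once the response is committed
        // it can no longer be added. The application can still override it.
        if (res instanceof HttpServletResponse && !res.isCommitted()) {
            ((HttpServletResponse) res).setHeader(headerName, policy);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { /* nothing to release */ }
}
```

Starting with `reportOnly` set to `true` shows which resources the policy would block before it is enforced; rescanning with securityheaders.com, as in the original post, confirms the header is present.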