问题描述
我已经编辑了web.xml以启用HttpHeaderSecurityFilter,添加了一些参数并重新启动了Tomcat。我在响应标头中没有看到strict-transport-security。
我已经在多个Tomcat 9安装中执行了相同的步骤,并在web.xml中使用了相同的值,并且可以正常工作。
web.xml中的相关条目(某些参数是默认的,我知道不需要,但在尝试解决此问题时我添加了这些参数):
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsPreload</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>DENY</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
ServerInfo:
Server version: Apache Tomcat/7.0.82
Server built: Sep 29 2017 12:23:15 UTC
Server number: 7.0.82.0
OS Name: Linux
OS Version: 3.10.0-1062.12.1.el7.x86_64
Architecture: amd64
JVM Version: 1.8.0_131-b11
JVM vendor: Oracle Corporation
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)