I want to set two headers at the Tomcat level. Setting these at the Apache level will affect my application. The two headers are below:
Set-Cookie HttpOnly; Secure
Strict-Transport-Security: max-age=31536000; includeSubDomains
Answer 0 (score: 2)
You can use the HTTP Header Security Filter like this:
<filter>
    <filter-name>HTTP Header Security Filter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <!-- max-age value for Strict-Transport-Security, in seconds (one year) -->
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <!-- Append the includeSubDomains directive to the header -->
    <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- Apply the filter to every request path -->
<filter-mapping>
    <filter-name>HTTP Header Security Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
For more details, read the documentation.
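An added example, not part of the original question or answer: a small checker that audits a raw HTTP response for the two headers discussed here, so the result of the Tomcat configuration can be verified. The function names `parse_headers` and `audit` are hypothetical, and both sample responses are constructed.

```python
import re

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\r\n"
        "Strict-Transport-Security: max-age=31536000;includeSubDomains\r\n"
        "Set-Cookie: JSESSIONID=CONSTRUCTED; Path=/app; Secure; HttpOnly\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\n"
       "Strict-Transport-Security: max-age=3600\r\n"
       "Set-Cookie: JSESSIONID=CONSTRUCTED; Path=/app; HttpOnly\r\n"
       "Set-Cookie: theme=dark; Path=/\r\n\r\n")

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers such as Set-Cookie are kept."""
    pairs = []
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw, min_max_age=31536000):
    """Return a list of findings; an empty list means both headers look as intended."""
    findings = []
    headers = parse_headers(raw)
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS: header missing")
    else:
        # Directive names are case-insensitive and separated by ';'.
        directives = [d.strip().lower() for d in hsts[0].split(";") if d.strip()]
        ages = [re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d) for d in directives]
        age = next((int(m.group(1)) for m in ages if m), None)
        if age is None or age < min_max_age:
            findings.append(f"HSTS: max-age {age} below {min_max_age}")
        if "includesubdomains" not in directives:
            findings.append("HSTS: includeSubDomains missing")
    for value in (v for n, v in headers if n == "set-cookie"):
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';'; attribute names are case-insensitive.
        attrs = {a.split("=", 1)[0].strip().lower() for a in value.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"Set-Cookie {cookie_name}: {flag} missing")
    return findings

if __name__ == "__main__":
    for label, raw in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(raw) or "ok")
```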