在Tomcat 7.0.82中启用HttpHeaderSecurity过滤器时出现故障
我编辑了web.xml以启用HttpHeaderSecurityFilter,添加了一些参数并重新启动了Tomcat。我在响应头中没有看到严格的传输安全性 我用web.xml中相同的值在几个Tomcat 9安装上执行了相同的步骤,并且工作正常 web.xml中的相关条目(一些参数是默认的,我知道不需要,但我在尝试解决此问题时添加了):在Tomcat 7.0.82中启用HttpHeaderSecurity过滤器时出现故障,tomcat,http-headers,tomcat7,clickjacking,strict-transport-security,Tomcat,Http Headers,Tomcat7,Clickjacking,Strict Transport Security,我编辑了web.xml以启用HttpHeaderSecurityFilter,添加了一些参数并重新启动了Tomcat。我在响应头中没有看到严格的传输安全性 我用web.xml中相同的值在几个Tomcat 9安装上执行了相同的步骤,并且工作正常 web.xml中的相关条目(一些参数是默认的,我知道不需要,但我在尝试解决此问题时添加了): <filter> <filter-name>httpHeaderSecurity</filter-name>
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsPreload</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>DENY</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Server version: Apache Tomcat/7.0.82
Server built: Sep 29 2017 12:23:15 UTC
Server number: 7.0.82.0
OS Name: Linux
OS Version: 3.10.0-1062.12.1.el7.x86_64
Architecture: amd64
JVM Version: 1.8.0_131-b11
JVM Vendor: Oracle Corporation