happenask happenask - 2 years ago 1075
Java Question

How to add X-Content-Type-Options to tomcat configuration

My client want me to fix Web App vulnerability of My Web App
below is message about vulnerability of My Web App

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'

This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a >Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown

Although I already found some solution to this issue , I am looking for solution from tomcat configuration.
Is it possible to make changes to tomcat configuration to accomplish this?

please give me any idea.

Answer Source

I think you can achieve it on Tomcat level by the following steps:

  • create your filter, package it into jar, put jar into $CATALINA_BASE/lib/
  • add filter definition into $CATALINA_BASE/conf/web.xml
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download