happenask happenask - 7 months ago 445
Java Question

How to add X-Content-Type-Options to tomcat configuration

My client wants me to fix a vulnerability in my web app.
Below is the message about the vulnerability:


The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'

This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown


Although I have already found some solutions to this issue, I am looking for a solution through Tomcat configuration.
Is it possible to make changes to the Tomcat configuration to accomplish this?

Please give me any ideas.

Answer

I think you can achieve it on Tomcat level by the following steps:

  • create your filter, package it into a jar, and put the jar into $CATALINA_BASE/lib/
  • add the filter definition to $CATALINA_BASE/conf/web.xml
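
The two steps above could look like the following. This is an added example, not code from the original answer; the package name `com.example.filters`, the class name `NoSniffFilter` and the filter name `noSniffFilter` are assumptions chosen for illustration.

```java
package com.example.filters; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;          // Tomcat 9 and earlier; Tomcat 10+ uses jakarta.servlet
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Step 2: definition to add to $CATALINA_BASE/conf/web.xml, which applies
// to every web application deployed on this Tomcat instance:
//
//   <filter>
//     <filter-name>noSniffFilter</filter-name>
//     <filter-class>com.example.filters.NoSniffFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>noSniffFilter</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>

/** Step 1: filter that adds X-Content-Type-Options: nosniff to every HTTP response. */
public class NoSniffFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration needed; required by the pre-4.0 Filter interface.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Set the header BEFORE invoking the chain: once the application
            // has committed the response, headers can no longer be added.
            ((HttpServletResponse) response)
                    .setHeader("X-Content-Type-Options", "nosniff");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

The filter only adds `nosniff`; each response still needs a correct `Content-Type`, as the scanner message says. Recent Tomcat releases also ship `org.apache.catalina.filters.HttpHeaderSecurityFilter`, which sets this header by default once it is enabled in `conf/web.xml`, so a custom jar may not be needed.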