-
1. Re: How to set Strict-Transport-Security in HTTP-Header?
1 of 1 people found this helpfulHi,
We tough about that, but implementation was done 90% of the way
it should be done by adding header filter to location.
for example
<subsystem xmlns="urn:jboss:domain:undertow:1.0"> .... <server name="default-server"> <http-listener name="default" socket-binding="http" max-post-size="10485760"/> <host name="default-host" alias="localhost"> <location name="/" handler="welcome-content"> <filter-ref name="transport-security"/> </location> </host> </server> <servlet-container name="default" default-buffer-cache="default" stack-trace-on-error="local-only" > .. </servlet-container> <handlers> <file name="welcome-content" path="${jboss.home.dir}/welcome-content" directory-listing="true"/> </handlers> <filters> <response-header name="transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/> </filters> </subsystem>I have most of the work already done just so it should be done fairly quickly.
Could I ask you to create Jira issue so we can track this.
--
tomaz
-
2. Re: Re: How to set Strict-Transport-Security in HTTP-Header?
Tomaz, I compiled the latest WildFly snapshot, but got the following stacktrace. The JIRA issue is [WFLY-2463] Set Strict-Transport-Security in HTTP-Header - JBoss Issue Tracker
ERROR [org.jboss.as.server] (Controller Boot Thread) JBAS015956: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:112) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.server.ServerService.boot(ServerService.java:331) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:255) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[380,149]
Message: JBAS014789: Unexpected element '{urn:jboss:domain:undertow:1.0}response-header' encountered
at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:85) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.controller.PersistentResourceXMLDescription.parseChildren(PersistentResourceXMLDescription.java:128) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.controller.PersistentResourceXMLDescription.parse(PersistentResourceXMLDescription.java:100) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.controller.PersistentResourceXMLDescription.parseChildren(PersistentResourceXMLDescription.java:126) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.controller.PersistentResourceXMLDescription.parse(PersistentResourceXMLDescription.java:100) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.wildfly.extension.undertow.UndertowSubsystemParser_1_0.readElement(UndertowSubsystemParser_1_0.java:218)
at org.wildfly.extension.undertow.UndertowSubsystemParser_1_0.readElement(UndertowSubsystemParser_1_0.java:55)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.as.server.parsing.StandaloneXml.parseServerProfile(StandaloneXml.java:1129) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.server.parsing.StandaloneXml.readServerElement_1_4(StandaloneXml.java:458) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:145) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:107) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:104) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
... 3 more
-
3. Re: Re: How to set Strict-Transport-Security in HTTP-Header?
1 of 1 people found this helpfulyeah, for now that is only on my working branch.
https://github.com/ctomc/wildfly/tree/undertow
should be ready to be made into PR later today.
-
4. Re: Re: How to set Strict-Transport-Security in HTTP-Header?
Got it. I'll wait until the PR is merged.
-
5. Re: How to set Strict-Transport-Security in HTTP-Header?
Hey,
PR is now merged and should be part of next nightly build (might already be).
I have commented on jira with example configuration.
you can use filter-ref on host & location, but if you want filters to be applied to deployments you need to configure them on host resource.
--
tomaz