Can Tomcat 7 be configured to insert "Content-Security-Policy" HTTP header?

Once it cannot be achieved with Tomcat 7.x built in filters, you could try one of the following options:

Creating a filter in your application

If adding a filter to your application is an option, you could use the following code to add a header to every response:

@WebFilter("/*")
public class MyFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, 
                         FilterChain chain) throws IOException, ServletException {

        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");

        chain.doFilter(request, response);
    }
}

Creating a custom valve in your Tomcat

Another option is a custom valve. Quoting the steps from this page:

1. Create a Maven Java Application.

2. Add the following dependency:

<dependency>
    <groupid>org.apache.tomcat</groupId>
    <artifactid>tomcat-catalina</artifactId>
    <version>7.0.34</version>
    <scope>provided</scope>
 </dependency>

3. Create your Java class and extend it from ValveBase.

4. Implement the invoke(Request, Response) method.

5. Build your library (.jar) file

6. Install the library in the ${tomcat.home}/lib directory.

7. Configure the server.xml to use your new valve. For example:

<valve className="com.example.MyValve"/>

8. Start the server to see your new valve in action

Your valve implementation could be like:

public class MyValve extends ValveBase {

    @Override
    public void invoke(Request request, Response response) throws IOException, 
                                                                  ServletException {

        HttpServletResponse httpResponse = response.getResponse();
        httpResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");

        getNext().invoke(request, response);
    }
}

Related videos on Youtube

44 : 01

Checkpoint install Stanalone #checkpoint #firewall #tutorial

Tutorials Sharing

893

08 : 32

Install and Configure Tomcat Server KodeKloud Engineer Task Success

NB Tech Support

820

12 : 35

How to Install & configure Apache Tomcat server in Windows 10?

J2easylearning

158

04 : 06

Apache Tomcat - CGIServlet enableCmdLineArguments RCE Demo by Safe Security | CVE-2019-0232

Safe Security, Inc.

35

04 : 38

How to Set up HTTPS SSL on Tomcat

Darren's Tech Tutorials

33

15 : 37

Install and Configure Apache Tomcat on Ubuntu

Tech Blog

29

14 : 02

How to configure Tomcat to support SSL or HTTPS?

Cool IT Help

28

02 : 57

Tomcat Port Problem

Tech Pulse

25

08 : 58

Tomcat 7 0 - Configuration server.xml

Geeksidea

20

07 : 12

How to enable manager app in Tomcat server, and how to give users and roles.

Prasad Challagondla

12

05 : 25

Java - TomCat Installing - solving common problems!!!

EZCode

7

09 : 14

Security In a Java Web Application - Tutorial 06 (using Tomcat 7)

Prototype Project

4

13 : 26

Configuring embedded tomcat application properties in Spring boot

CodeWis Technologies

2

08 : 02

Configuring Tomcat for HTTPS & User Authentication | Security 7

Adrien Foucart

1

Author by

Peter Klimczak

Updated on June 04, 2022