After SSL key import, Maximo url works for https:// .. as well as for http:// .. too
Problem:
How to restrict url for http:// .. after SSL key import.
Resolution:
1. Open the httpd.conf file
--> Go to <HTTPServerhome>/conf , (for Linux --> /opt/IBM/HTTPServer/Conf/httpd.conf)
Add this header in the end of this file, and save the file then restart the webserver as well as Application server.
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "default-src 'none'; frame-src 'self'; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;connect-src 'self'; img-src * 'self' data:; font-src 'self' https:; style-src 'self' 'unsafe-inline' data: https:; object-src 'self'"
How to restrict url for http:// .. after SSL key import.
Resolution:
1. Open the httpd.conf file
--> Go to <HTTPServerhome>/conf , (for Linux --> /opt/IBM/HTTPServer/Conf/httpd.conf)
Add this header in the end of this file, and save the file then restart the webserver as well as Application server.
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "default-src 'none'; frame-src 'self'; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;connect-src 'self'; img-src * 'self' data:; font-src 'self' https:; style-src 'self' 'unsafe-inline' data: https:; object-src 'self'"
No comments: