Disabling HTTP Strict-Transport-Security response header in Publishing Engine

Installing Arbortext Publishing Engine (Installation d'Arbortext Publishing Engine) > Arbortext Publishing Engine Installation > Security > Disabling HTTP Strict-Transport-Security response header in Publishing Engine

HTTP Strict-Transport-Security (HSTS) response header helps in preventing users connecting to application over unencrypted connections. To disable secure HSTS Header in Arbortext Publishing Engine, follow these steps:

1. Open PE_HOME\e3\e3\WEB-INF\web.xml in a text editor.

2. Comment out or remove the following initialization parameters into the httpHeaderSecurity filter after the antiClickJackingOption parameter.

<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31556927</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>

3. Save web.xml file.

4. Restart Publishing Engine.

Parent topic

Security

Est-ce que cela a été utile ?