How to add 'Referrer-Policy' and 'Feature-Policy' headers to Tomcat for Jira 8

Question

When testing our site on https://securityheaders.com, it shows we are missing two headers:

Referrer-Policy
Feature-Policy

Our site is Jira 8.3.1 and it natively runs Tomcat. How do I configure Tomcat for these two headers?

I was able to set the Strict-Transport-Security header in the Tomcat web.xml file. I suspect I may be able to add these headers here too, just not sure what to specify.

score 0 · Answer 1 · answered Sep 08 '21 at 05:40

Just create Filter like below file ReferrerPolicyFilter.java and add ReferrerPolicyFilter filter in web.xml around other filters.

package my.package;

public class ReferrerPolicyFilter implements Filter {

@Override
public void init(FilterConfig arg0) { }

@Override
public void destroy() { }

public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain) throws IOException, ServletException {

    HttpServletResponse httpServletResponse = ((HttpServletResponse) response);
    httpServletResponse.addHeader("Referrer-Policy", "no-referrer");
    chain.doFilter(request, response);
}
}

In web.xml add your filter with full package name.

  ...
  </filter-mapping>

  <filter>
    <filter-name>ReferrerPolicyFilter</filter-name>
    <filter-class>my.package.ReferrerPolicyFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ReferrerPolicyFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

score -1 · Answer 2 · answered Aug 16 '19 at 21:46

-1

I found out how to do this in the meantime and posted some code in this post.

answered Aug 16 '19 at 21:46

Buford T Justice

19
1
3

How to add 'Referrer-Policy' and 'Feature-Policy' headers to Tomcat for Jira 8

2 Answers2