Security Settings - HSTS, Content Security Policy, X-Content-Type-Options

sangamaes · March 1, 2024, 12:01pm

Hi, I’m using Payara Community Edition [version 2.2022.2] (https://repo1.maven.org/maven2/fish/payara/distributions/payara/5.2022.2/payara-5.2022.2.zip) for one of the application and using Micro version for another 2 child applications https://repo1.maven.org/maven2/fish/payara/extras/payara-micro/5.2022.2/payara-micro-5.2022.2.jar

I would like to enable these 3 security items
1) HTTP Strict-Transport-Security
2) Content-Security-Policy
3) X-Content-Type-Options

For HSTS, I know we can set something like this
./asadmin set configs.config.server-config.network-config.protocols.protocol.${protocol-name}.ssl.hsts-enabled=true

Question 1: But this doesn’t work on payara-micro, how do we do the same in micro version?
Question 2: How to set Content-Security-Policy and X-Content-Type-Options in Payara full version and micro-version?

Any help on this is much appreciated.

charlee_ch · March 3, 2024, 9:03am

The Payara Micro use the preboot and postboot, as mentioned in Running asadmin commands using Pre-boot and Post-boot Scripts

Topic		Replies	Views
Security Compliance with Payara webserver Technical Discussion	0	147	November 18, 2022
IUCLID6 on Ubuntu: Payara Server: need Secure Admin enabled to access the DAS remotely General security	1	248	June 29, 2022
Run some applications as HTTP, others as HTTPS Technical Discussion	1	146	January 15, 2024
Payara security rating Technical Discussion	3	276	December 13, 2021
Cookies are set without the httponly attribute (Payara 6.2023.2) Payara Server	0	192	March 8, 2023

Security Settings - HSTS, Content Security Policy, X-Content-Type-Options

Related Topics