https://community.sap.com/t5/crm-and-cx-q-a/enable-hsts-in-hybris-port-9002/qaa-p/12239950#M423729 <P>You should include a new security filter in the BackOffice flow using web-fragments, which will be merged from all *backoffie extensions. </P><PRE><CODE>&gt;&gt; BackofficeSecurityHeaderFilter.java New filter class with below code : @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; response.addHeader("Strict-Transport-Security", "max-age=31556926; includeSubDomains"); filterChain.doFilter(servletRequest, response); }</CODE></PRE><PRE><CODE>&gt;&gt; resources/web-fragment.xml &lt;web-fragment xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" <A href="http://java.sun.com/xml/ns/javaee" target="test_blank">http://java.sun.com/xml/ns/javaee</A> <A href="http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd&quot;" target="test_blank">http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"</A>; version="3.0"&gt; &lt;name&gt;webfragment_BackofficeSecurityHeaderFilter&lt;/name&gt; &lt;filter&gt; &lt;filter-name&gt;BackofficeSecurityHeaderFilter&lt;/filter-name&gt; &lt;filter-class&gt;&lt;package&gt;.BackofficeSecurityHeaderFilter&lt;/filter-class&gt; &lt;async-supported&gt;true&lt;/async-supported&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;BackofficeSecurityHeaderFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;/web-fragment&gt; </CODE></PRE> Tue, 05 Jan 2021 07:29:48 GMT pavan_joshi1 2021-01-05T07:29:48Z https://community.sap.com/t5/crm-and-cx-q-a/enable-hsts-in-hybris-port-9002/qaq-p/12239949 <P>When I access <A href="https://localhost:9002/hac" target="test_blank">https://localhost:9002/hac</A> or <A href="https://localhost:9002/backoffice" target="test_blank">https://localhost:9002/backoffice</A>, HTTP Strict Transport Security (HSTS) is not in the response header.</P> <P>Any one know where to add this in hybris?</P> Tue, 01 Dec 2020 06:58:09 GMT https://community.sap.com/t5/crm-and-cx-q-a/enable-hsts-in-hybris-port-9002/qaq-p/12239949 Former Member 2020-12-01T06:58:09Z https://community.sap.com/t5/crm-and-cx-q-a/enable-hsts-in-hybris-port-9002/qaa-p/12239950#M423729 <P>You should include a new security filter in the BackOffice flow using web-fragments, which will be merged from all *backoffie extensions. </P><PRE><CODE>&gt;&gt; BackofficeSecurityHeaderFilter.java New filter class with below code : @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) servletResponse; response.addHeader("Strict-Transport-Security", "max-age=31556926; includeSubDomains"); filterChain.doFilter(servletRequest, response); }</CODE></PRE><PRE><CODE>&gt;&gt; resources/web-fragment.xml &lt;web-fragment xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" <A href="http://java.sun.com/xml/ns/javaee" target="test_blank">http://java.sun.com/xml/ns/javaee</A> <A href="http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd&quot;" target="test_blank">http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd"</A>; version="3.0"&gt; &lt;name&gt;webfragment_BackofficeSecurityHeaderFilter&lt;/name&gt; &lt;filter&gt; &lt;filter-name&gt;BackofficeSecurityHeaderFilter&lt;/filter-name&gt; &lt;filter-class&gt;&lt;package&gt;.BackofficeSecurityHeaderFilter&lt;/filter-class&gt; &lt;async-supported&gt;true&lt;/async-supported&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;BackofficeSecurityHeaderFilter&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;/web-fragment&gt; </CODE></PRE> Tue, 05 Jan 2021 07:29:48 GMT https://community.sap.com/t5/crm-and-cx-q-a/enable-hsts-in-hybris-port-9002/qaa-p/12239950#M423729 pavan_joshi1 2021-01-05T07:29:48Z