Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ServerHeader in ICM

Former Member

‎2017 Aug 17 8:16 AM

0 Kudos
1,933

Hello,

we try to set some server header in an ABAP backend system.

We set the parameter

icm/HTTP/mod_0 =REFIX=/,FILE=/usr/sap/.../security/data/modifications.rules

In the file modifications.rules we only put this lines

SetResponseHeader Strict-Transport-Security "max-age=31536000; includeSubDomains"
SetResponseHeader X-Content-Type-Options nosniff
SetResponseHeader X-XSS-Protection "1;mode=block"
SetResponseHeader X-Content-Security-Policy "default-src 'self'"

We can call the URL an everything seems OK, but if we press F5 either in the Internet Explorer or Firefox we get a blank Screen.
We try to set only on Header, but equal which Header we put in the file. The result is the same.

Has someone an idea why this happens

Kind regards,
Bernhard

2 REPLIES 2

akashachu75
Product and Topic Expert
Product and Topic Expert

‎2019 Dec 18 7:34 PM

0 Kudos
562

Hello Bernhard,

If you are just trying to set the header for HSTS please go throught the blog: https://blogs.sap.com/2019/12/17/hsts-http-strict-transport-security-with-sap-web-dispatcher

Regards,

Akash

former_member699926
Discoverer

‎2021 Mar 03 3:28 PM

0 Kudos
562

Hi Bernhard,

Were you able to resolved this?

kind regards,

Ger