-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Products and Technology
- CRM and Customer Experience
- CRM and CX Q&A
- Enable HSTS in hybris port 9002
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Read only
Enable HSTS in hybris port 9002
Former Member
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 2020 Dec 01 6:58 AM
673
- SAP Managed Tags
- SAP Commerce
When I access https://localhost:9002/hac or https://localhost:9002/backoffice, HTTP Strict Transport Security (HSTS) is not in the response header.
Any one know where to add this in hybris?
Need more details?
Request clarification before answering.
Accepted Solutions (0)
Answers (1)
Answers (1)
pavan_joshi1
Participant
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2021 Jan 05
7:29 AM
You should include a new security filter in the BackOffice flow using web-fragments, which will be merged from all *backoffie extensions.
>> BackofficeSecurityHeaderFilter.java
New filter class with below code :
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException
{
HttpServletResponse response = (HttpServletResponse) servletResponse;
response.addHeader("Strict-Transport-Security", "max-age=31556926; includeSubDomains");
filterChain.doFilter(servletRequest, response);
}>> resources/web-fragment.xml
<web-fragment xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-fragment_3_0.xsd";
version="3.0">
<name>webfragment_BackofficeSecurityHeaderFilter</name>
<filter>
<filter-name>BackofficeSecurityHeaderFilter</filter-name>
<filter-class><package>.BackofficeSecurityHeaderFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>BackofficeSecurityHeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-fragment>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
BlueskyAsk a Question
Related Content
- Composable Storefront local setup and OAuth Framework Update JDK21 in CRM and CX Blog Posts by SAP
- SAP Commerce Cloud Media Import through API in CRM and CX Blog Posts by SAP
- Cloud Hotfolder for ClassificationAttribute uses wrong order in CRM and CX Q&A
- How to Integrate SAP Commerce with Large Language Models (LLMs) for Intelligent Product Discovery in CRM and CX Blog Posts by SAP
- Composable Storefront specific configuration by environment in SAP Commerce Cloud in CRM and CX Blog Posts by SAP
Top Q&A Solution Author
| User | Count |
|---|---|
| 4 | |
| 2 | |
| 1 | |
| 1 | |
| 1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.