My Oracle Support Banner

Convergence And Application Hardening (Doc ID 2498933.1)

Last updated on OCTOBER 06, 2022

Applies to:

Oracle Communications Convergence - Version 3.0.1 and later
Information in this document applies to any platform.

Goal

Questions based around following Glassfish documents:

How to Disable a HTTP Method In GlassFish Server ?

How To Add Extra HTTP Headers into the GlassFish Response ?

As part of web application hardening, guidance is required on where in the Convergence configuration/files, following items can be added:

  1. Remove/invalidate/constrain the HTTP OPTIONS and HTTP DELETE methods.
  2. Add custom HTTP response headers & values for security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, and Referrer-Policy.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.