Changed X-Frame attribute value to sameorigin
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / config / ExternalSecurityConfig.java
index 5354fa3..ae08a34 100644 (file)
@@ -41,11 +41,13 @@ import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.onap.portalapp.music.util.MusicUtil;
 import org.onap.portalapp.portal.utils.MusicCookieCsrfTokenRepository;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.util.matcher.RegexRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
@@ -67,6 +69,14 @@ public class ExternalSecurityConfig extends WebSecurityConfigurerAdapter {
                                return false;
                        }
                };
-               http.csrf().csrfTokenRepository(MusicCookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
+               
+               
+               //Added this code to enable Raptor charts within Iframe
+               http.headers().frameOptions().sameOrigin();
+               
+               if(MusicUtil.isMusicEnable())
+                       http.csrf().csrfTokenRepository(MusicCookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
+               else
+                       http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).requireCsrfProtectionMatcher(csrfRequestMatcher);
        }
 }
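Review bot: `http.headers().frameOptions().sameOrigin()` is set on the whole `HttpSecurity`, so every response covered by this configuration becomes frameable by same-origin pages, not only the Raptor chart views the comment names. The comment should say so, e.g. `// X-Frame-Options: SAMEORIGIN on all responses (Spring Security default is DENY) so Raptor charts can render in a same-origin iframe`. The same hunk also switches the CSRF token repository on `MusicUtil.isMusicEnable()`, which the commit title does not mention; both branches keep `withHttpOnlyFalse()`, so the token cookie stays readable by page scripts, and a one-line comment naming the client code that needs to read it would help. The unbraced `if`/`else` repeats the full `csrf()` chain; braces around each branch would make it harder for a later edit to drop `requireCsrfProtectionMatcher(csrfRequestMatcher)` from one of them. The enclosing method begins outside this hunk.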