From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 12 Oct 2021 14:18:52 +0000 (+0100)
Subject: Revert "Fix critical cross site scripting"
X-Git-Tag: 1.10.0~56
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=2f0479369f1bdb5a76c3856c7fd066cfd2db75e6;p=sdc.git

Revert "Fix critical cross site scripting"

This reverts commit 7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a.

Change-Id: I5719e82cffd36a21f265217265acf7eac060124b
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3755
---

diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 97c4ac60fa..6378b996cf 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -113,7 +113,7 @@ public class PortalServlet extends HttpServlet {
      * @throws IOException
      */
     private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response)
-        throws ServletException, IOException, CipherUtilException {
+        throws ServletException, IOException {
         response.setContentType("text/html");
         // Create new request object to dispatch
         MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request);
@@ -243,13 +243,12 @@ public class PortalServlet extends HttpServlet {
      * @param request
      * @param headers
      */
-    private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers)
-        throws CipherUtilException {
+    private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
         for (var i = 0; i < headers.length; i++) {
             final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
             final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
             if (headerValue != null) {
-                final var cookie = new Cookie(currHeader, CipherUtil.encryptPKC(headerValue));
+                final var cookie = new Cookie(currHeader, headerValue);
                 cookie.setSecure(true);
                 response.addCookie(cookie);
             }