Fix for Penetration test _ Session and cookie management

[vid.git] / epsdk-app-onap / src / main / webapp / WEB-INF / web.xml

diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
index e90f837..e445bac 100755 (executable)
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,23 @@
     <filter-name>charset-to-utf8-filter</filter-name>\r
     <url-pattern>/app/ui/*</url-pattern>\r
   </filter-mapping>\r
+      <filter>\r
+    <filter-name>httpHeaderSecurity</filter-name>\r
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>\r
+    <async-supported>true</async-supported>\r
+    <init-param>\r
+      <param-name>antiClickJackingEnabled</param-name>\r
+      <param-value>true</param-value>\r
+    </init-param>\r
+    <init-param>\r
+      <param-name>antiClickJackingOption</param-name>\r
+      <param-value>DENY</param-value>\r
+    </init-param>\r
+  </filter>\r
+  <filter-mapping>\r
+    <filter-name>httpHeaderSecurity</filter-name>\r
+    <url-pattern>/*</url-pattern>\r
+  </filter-mapping>\r
 \r
   <error-page>\r
     <error-code>404</error-code>\r