Fix for Penetration test _ Session and cookie management

author Kruthi Bhat <krutbhat@att.com>

Tue, 16 Nov 2021 19:31:18 +0000 (14:31 -0500)

committer Ikram Ikramullah <ikram@research.att.com>

Mon, 7 Feb 2022 21:50:34 +0000 (21:50 +0000)
author Kruthi Bhat <krutbhat@att.com>
Tue, 16 Nov 2021 19:31:18 +0000 (14:31 -0500)
committer Ikram Ikramullah <ikram@research.att.com>
Mon, 7 Feb 2022 21:50:34 +0000 (21:50 +0000)
diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml

index e90f837..e445bac 100755 (executable)
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,23 @@
      <filter-name>charset-to-utf8-filter</filter-name>\r
      <url-pattern>/app/ui/*</url-pattern>\r
    </filter-mapping>\r
+      <filter>\r
+    <filter-name>httpHeaderSecurity</filter-name>\r
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>\r
+    <async-supported>true</async-supported>\r
+    <init-param>\r
+      <param-name>antiClickJackingEnabled</param-name>\r
+      <param-value>true</param-value>\r
+    </init-param>\r
+    <init-param>\r
+      <param-name>antiClickJackingOption</param-name>\r
+      <param-value>DENY</param-value>\r
+    </init-param>\r
+  </filter>\r
+  <filter-mapping>\r
+    <filter-name>httpHeaderSecurity</filter-name>\r
+    <url-pattern>/*</url-pattern>\r
+  </filter-mapping>\r
  \r
    <error-page>\r
      <error-code>404</error-code>\r
author	Kruthi Bhat <krutbhat@att.com>
	Tue, 16 Nov 2021 19:31:18 +0000 (14:31 -0500)
committer	Ikram Ikramullah <ikram@research.att.com>
	Mon, 7 Feb 2022 21:50:34 +0000 (21:50 +0000)