From: Kruthi Bhat <krutbhat@att.com>
Date: Tue, 16 Nov 2021 19:31:18 +0000 (-0500)
Subject: Fix for Penetration test _ Session and cookie management
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=vid.git;a=commitdiff_plain;h=HEAD

Fix for Penetration test _ Session and cookie management

Change-Id: I5597f4e25acaf0352d66870911d6c99503a01229
Issue-ID: VID-987
Signed-off-by: krutbhat@att.com
---

diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
index e90f837d3..e445bac5c 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,23 @@
     <filter-name>charset-to-utf8-filter</filter-name>
     <url-pattern>/app/ui/*</url-pattern>
   </filter-mapping>
+      <filter>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+    <async-supported>true</async-supported>
+    <init-param>
+      <param-name>antiClickJackingEnabled</param-name>
+      <param-value>true</param-value>
+    </init-param>
+    <init-param>
+      <param-name>antiClickJackingOption</param-name>
+      <param-value>DENY</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
   <error-page>
     <error-code>404</error-code>