summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2021-10-12 15:18:52 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2021-10-12 15:58:53 +0000
commite93ae12a4f6bbdacda5f0bd7fee179ba28bda74a (patch)
treee0a741088b0327239f3195bbfcdf69da5a00ef40
parentb56849714284d600c56fa265014cdbcf6c3fd4c2 (diff)
Revert "Fix critical cross site scripting"
This reverts commit 7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a. Change-Id: I5719e82cffd36a21f265217265acf7eac060124b Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3755
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java7
1 files changed, 3 insertions, 4 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 97c4ac60fa..6378b996cf 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -113,7 +113,7 @@ public class PortalServlet extends HttpServlet {
* @throws IOException
*/
private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response)
- throws ServletException, IOException, CipherUtilException {
+ throws ServletException, IOException {
response.setContentType("text/html");
// Create new request object to dispatch
MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request);
@@ -243,13 +243,12 @@ public class PortalServlet extends HttpServlet {
* @param request
* @param headers
*/
- private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers)
- throws CipherUtilException {
+ private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
for (var i = 0; i < headers.length; i++) {
final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
if (headerValue != null) {
- final var cookie = new Cookie(currHeader, CipherUtil.encryptPKC(headerValue));
+ final var cookie = new Cookie(currHeader, headerValue);
cookie.setSecure(true);
response.addCookie(cookie);
}