diff options
| author |   vasraz <vasyl.razinkov@est.tech> | 2022-10-04 18:16:26 +0100 |
|---|---|---|
| committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2022-10-04 18:54:54 +0000 |
| commit | 0899720f168c09d037e577109d7cab665fe1fb91 (patch) | |
| tree | c6c210914a6fb029841d28de92cb760cdad6088d /openecomp-be/lib | |
| parent | ca487f60c2ca67794b16c0ff0cf5cc6deca556fc (diff) | |
Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'
Add new Filter (ContentSecurityPolicyHeaderFilter)
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
Diffstat (limited to 'openecomp-be/lib')
| -rw-r--r-- | openecomp-be/lib/openecomp-common-lib/pom.xml | 11 | ||||
| -rw-r--r-- | openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilter.java | 35 |
2 files changed, 46 insertions, 0 deletions
diff --git a/openecomp-be/lib/openecomp-common-lib/pom.xml b/openecomp-be/lib/openecomp-common-lib/pom.xml index 43ec9c25f6..cb41e44001 100644 --- a/openecomp-be/lib/openecomp-common-lib/pom.xml +++ b/openecomp-be/lib/openecomp-common-lib/pom.xml @@ -26,6 +26,17 @@ <version>${project.version}</version> </dependency> <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>${servlet-api.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>javax.inject</groupId> + <artifactId>javax.inject</artifactId> + <version>${javax.inject.version}</version> + </dependency> + <dependency> <groupId>javax.ws.rs</groupId> <artifactId>javax.ws.rs-api</artifactId> <scope>provided</scope> diff --git a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilter.java b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilter.java new file mode 100644 index 0000000000..f7aa6f2da0 --- /dev/null +++ b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/filters/ContentSecurityPolicyHeaderFilter.java @@ -0,0 +1,35 @@ +/* + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2022 Nordix Foundation. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.common.filters; + +import org.openecomp.sdc.common.CommonConfigurationManager; + +public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract { + + @Override + protected String getPermittedAncestors() { + final CommonConfigurationManager commonConfigurationManager = CommonConfigurationManager.getInstance(); + if (commonConfigurationManager != null) { + return commonConfigurationManager.getConfigValue("permittedAncestors", ""); + } + return ""; + } +} |