From 0899720f168c09d037e577109d7cab665fe1fb91 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 4 Oct 2022 18:16:26 +0100
Subject: Fix bug 'X-Frame-Options not configured: Lack of clickjacking
 protection'

Add new Filter (ContentSecurityPolicyHeaderFilter)

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
---
 .../filters/ContentSecurityPolicyHeaderFilter.java | 41 ++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 catalog-be/src/main/java/org/openecomp/sdc/be/filters/ContentSecurityPolicyHeaderFilter.java

(limited to 'catalog-be/src/main/java')

diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ContentSecurityPolicyHeaderFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ContentSecurityPolicyHeaderFilter.java
new file mode 100644
index 0000000000..c9871c3c3a
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ContentSecurityPolicyHeaderFilter.java
@@ -0,0 +1,41 @@
+/*
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.be.filters;
+
+import org.openecomp.sdc.be.config.Configuration;
+import org.openecomp.sdc.be.config.ConfigurationManager;
+import org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilterAbstract;
+
+public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract {
+
+    @Override
+    protected String getPermittedAncestors() {
+        final ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager();
+        if (configurationManager != null) {
+            final Configuration configuration = configurationManager.getConfiguration();
+            if (configuration != null) {
+                return configuration.getPermittedAncestors();
+            }
+        }
+        return "";
+    }
+
+}
-- 
cgit 1.2.3-korg