From 0899720f168c09d037e577109d7cab665fe1fb91 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 4 Oct 2022 18:16:26 +0100
Subject: Fix bug 'X-Frame-Options not configured: Lack of clickjacking
 protection'

Add new Filter (ContentSecurityPolicyHeaderFilter)

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
---
 catalog-be/src/main/webapp/WEB-INF/web.xml | 109 +++--------------------------
 1 file changed, 9 insertions(+), 100 deletions(-)

(limited to 'catalog-be/src/main/webapp')

diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index 64763b27a8..7cbfd1a920 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -84,30 +84,6 @@
         <async-supported>true</async-supported>
     </servlet>
 
-    <!--    <filter>-->
-    <!--        <filter-name>CadiAuthFilter</filter-name>-->
-    <!--        <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class>-->
-    <!--        <init-param>-->
-    <!--            <param-name>cadi_prop_files</param-name>-->
-    <!--            &lt;!&ndash; Add Absolute path of cadi.properties &ndash;&gt;-->
-    <!--            <param-value>etc/cadi.properties</param-value>-->
-    <!--        </init-param>-->
-    <!--        &lt;!&ndash;Add param values with comma delimited values &ndash;&gt;-->
-    <!--        &lt;!&ndash; for example /api/v3/*,/auxapi/*&ndash;&gt;-->
-    <!--        <init-param>-->
-    <!--            <param-name>include_url_endpoints</param-name>-->
-    <!--            <param-value>/api/v3/roles,/api/v3/user/*,/api/v3/user/*/roles,/api/v3/users,/api/v3/sessionTimeOuts,/api/v3/updateSessionTimeOuts</param-value>-->
-    <!--        </init-param>-->
-    <!--        <init-param>-->
-    <!--            <param-name>exclude_url_endpoints</param-name>-->
-    <!--            <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value>-->
-    <!--        </init-param>-->
-    <!--    </filter>-->
-    <!--    <filter-mapping>-->
-    <!--        <filter-name>CadiAuthFilter</filter-name>-->
-    <!--        <url-pattern>/api/v3/*</url-pattern>-->
-    <!--    </filter-mapping>-->
-
     <servlet>
         <servlet-name>ViewStatusMessages</servlet-name>
         <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
@@ -129,35 +105,15 @@
         <url-pattern>/lbClassicStatus</url-pattern>
     </servlet-mapping>
 
-    <!--  	<filter>
-           <filter-name>GzipFilter</filter-name>
-           <filter-class>org.eclipse.jetty.servlets.GzipFilter</filter-class>
-           <async-supported>true</async-supported>
-           <init-param>
-            <param-name>methods</param-name>
-            <param-value>GET,POST,PUT,DELETE</param-value>
-           </init-param>
-           <init-param>
-              <param-name>mimeTypes</param-name>
-              <param-value>text/html,text/plain,text/css,application/javascript,application/json</param-value>
-           </init-param>
-        </filter>
-        <filter-mapping>
-           <filter-name>GzipFilter</filter-name>
-            <url-pattern>/sdc2/rest/*</url-pattern>
-        </filter-mapping>
-
-    -->
-    <!--<filter>-->
-    <!--<filter-name>RestrictionAccessFilter</filter-name>-->
-    <!--<filter-class>org.openecomp.sdc.be.filters.RestrictionAccessFilter</filter-class>-->
-    <!--<async-supported>true</async-supported>-->
-    <!--</filter>-->
-
-    <!--    <filter>-->
-    <!--    <filter-name>gatewayFilter</filter-name>-->
-    <!--    <filter-class>org.openecomp.sdc.be.filters.GatewayFilter</filter-class>-->
-    <!--    </filter>-->
+    <filter>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <filter-class>org.openecomp.sdc.be.filters.ContentSecurityPolicyHeaderFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+    <filter-mapping>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
 
     <filter>
         <filter-name>gatewayFilter</filter-name>
@@ -176,53 +132,6 @@
         <url-pattern>/sdc/*</url-pattern>
     </filter-mapping>
 
-    <!--
-        <filter>
-            <filter-name>basicAuthFilter</filter-name>
-            <filter-class>
-                org.openecomp.sdc.be.filters.BasicAuthenticationFilter
-            </filter-class>
-            <init-param>
-                <param-name>excludedUrls</param-name>
-                <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value>
-            </init-param>
-        </filter>
-
-        <filter-mapping>
-            <filter-name>basicAuthFilter</filter-name>
-            <url-pattern>/*</url-pattern>
-        </filter-mapping>-->
-
-    <!--    <filter>-->
-    <!--        <filter-name>beRestrictionAccessFilter</filter-name>-->
-    <!--        <filter-class>-->
-    <!--            org.springframework.web.filter.DelegatingFilterProxy-->
-    <!--        </filter-class>-->
-    <!--        <init-param>-->
-    <!--            <param-name>targetFilterLifecycle</param-name>-->
-    <!--            <param-value>true</param-value>-->
-    <!--        </init-param>-->
-    <!--    </filter>-->
-    <!--    <filter-mapping>-->
-    <!--        <filter-name>beRestrictionAccessFilter</filter-name>-->
-    <!--        <url-pattern>/sdc2/rest/*</url-pattern>-->
-    <!--    </filter-mapping>-->
-
-    <!--    <filter>-->
-    <!--        <filter-name>CADI</filter-name>-->
-    <!--        <filter-class>org.openecomp.sdc.be.filters.BeCadiServletFilter</filter-class>-->
-    <!--        <init-param>-->
-    <!--            <param-name>cadi_prop_files</param-name>-->
-    <!--            <param-value>etc/cadi.properties</param-value>-->
-    <!--        </init-param>-->
-    <!--    </filter>-->
-
-    <!--    <filter-mapping>-->
-    <!--        <filter-name>CADI</filter-name>-->
-    <!--        <url-pattern>/sdc/*</url-pattern>-->
-    <!--        <url-pattern>/sdc2/rest/*</url-pattern>-->
-    <!--    </filter-mapping>-->
-
     <filter>
         <filter-name>reqValidationFilter</filter-name>
         <filter-class>
-- 
cgit 1.2.3-korg