From 0899720f168c09d037e577109d7cab665fe1fb91 Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 4 Oct 2022 18:16:26 +0100 Subject: Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection' Add new Filter (ContentSecurityPolicyHeaderFilter) Signed-off-by: Vasyl Razinkov Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87 Issue-ID: SDC-4192 --- .../filters/ContentSecurityPolicyHeaderFilter.java | 40 ++++++++++++++++++++++ catalog-fe/src/main/webapp/WEB-INF/web.xml | 27 +++++---------- 2 files changed, 49 insertions(+), 18 deletions(-) create mode 100644 catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/ContentSecurityPolicyHeaderFilter.java (limited to 'catalog-fe/src/main') diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/ContentSecurityPolicyHeaderFilter.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/ContentSecurityPolicyHeaderFilter.java new file mode 100644 index 0000000000..a49f625e54 --- /dev/null +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/filters/ContentSecurityPolicyHeaderFilter.java @@ -0,0 +1,40 @@ +/* + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2022 Nordix Foundation. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.fe.filters; + +import org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilterAbstract; +import org.openecomp.sdc.fe.config.Configuration; +import org.openecomp.sdc.fe.config.ConfigurationManager; + +public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract { + + @Override + protected String getPermittedAncestors() { + final ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager(); + if (configurationManager != null) { + final Configuration configuration = configurationManager.getConfiguration(); + if (configuration != null) { + return configuration.getPermittedAncestors(); + } + } + return ""; + } +} diff --git a/catalog-fe/src/main/webapp/WEB-INF/web.xml b/catalog-fe/src/main/webapp/WEB-INF/web.xml index de133ac8ec..895dfd8690 100644 --- a/catalog-fe/src/main/webapp/WEB-INF/web.xml +++ b/catalog-fe/src/main/webapp/WEB-INF/web.xml @@ -47,8 +47,6 @@ 1 true - - @@ -72,6 +70,15 @@ false + + contentSecurityPolicyHeaderFilter + org.openecomp.sdc.fe.filters.ContentSecurityPolicyHeaderFilter + true + + + contentSecurityPolicyHeaderFilter + /* + AuditLogServletFilter @@ -79,17 +86,6 @@ true - - - - - - - - - - - gzipFilter org.openecomp.sdc.fe.filters.GzipFilter @@ -101,11 +97,6 @@ /* - - - - - gzipFilter *.jsgz -- cgit 1.2.3-korg