From 2f0479369f1bdb5a76c3856c7fd066cfd2db75e6 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 12 Oct 2021 15:18:52 +0100
Subject: Revert "Fix critical cross site scripting"

This reverts commit 7c8f40bc6df4a5a4d5822e48ecbe5ebe6a0d251a.

Change-Id: I5719e82cffd36a21f265217265acf7eac060124b
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3755
---
 .../src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'catalog-fe/src')

diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 97c4ac60fa..6378b996cf 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -113,7 +113,7 @@ public class PortalServlet extends HttpServlet {
      * @throws IOException
      */
     private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response)
-        throws ServletException, IOException, CipherUtilException {
+        throws ServletException, IOException {
         response.setContentType("text/html");
         // Create new request object to dispatch
         MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request);
@@ -243,13 +243,12 @@ public class PortalServlet extends HttpServlet {
      * @param request
      * @param headers
      */
-    private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers)
-        throws CipherUtilException {
+    private void addCookies(final HttpServletResponse response, final HttpServletRequest request, final String[] headers) {
         for (var i = 0; i < headers.length; i++) {
             final var currHeader = ValidationUtils.sanitizeInputString(headers[i]);
             final var headerValue = ValidationUtils.sanitizeInputString(request.getHeader(currHeader));
             if (headerValue != null) {
-                final var cookie = new Cookie(currHeader, CipherUtil.encryptPKC(headerValue));
+                final var cookie = new Cookie(currHeader, headerValue);
                 cookie.setSecure(true);
                 response.addCookie(cookie);
             }
-- 
cgit 1.2.3-korg