From 0899720f168c09d037e577109d7cab665fe1fb91 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 4 Oct 2022 18:16:26 +0100
Subject: Fix bug 'X-Frame-Options not configured: Lack of clickjacking
 protection'

Add new Filter (ContentSecurityPolicyHeaderFilter)

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
---
 .../notifications-fe/src/main/webapp/WEB-INF/web.xml          | 11 ++++++++++-
 .../onboarding-rest-war/src/main/webapp/WEB-INF/web.xml       | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

(limited to 'openecomp-be/api/openecomp-sdc-rest-webapp')

diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
index 9191a35786..b51399ca54 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
@@ -4,7 +4,6 @@
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
     version="3.0">
 
-
     <!-- Spring -->
     <context-param>
         <param-name>contextConfigLocation</param-name>
@@ -15,6 +14,16 @@
         <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class>
     </listener>
 
+    <filter>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <filter-class>org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+    <filter-mapping>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <filter>
         <filter-name>cross-origin</filter-name>
         <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
index 3cbfb1325e..eb8bd9e93f 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
@@ -4,7 +4,6 @@
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
     version="3.0">
 
-
     <!-- Spring -->
     <context-param>
         <param-name>contextConfigLocation</param-name>
@@ -25,6 +24,16 @@
         <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class>
     </listener>
 
+    <filter>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <filter-class>org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+    <filter-mapping>
+        <filter-name>contentSecurityPolicyHeaderFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <filter>
         <filter-name>PermissionsFilter</filter-name>
         <filter-class>org.openecomp.sdc.itempermissions.servlet.PermissionsFilter</filter-class>
-- 
cgit 1.2.3-korg