Fix for Penetration test _ Session and cookie managementHEAD master

Change-Id: I5597f4e25acaf0352d66870911d6c99503a01229 Issue-ID: VID-987 Signed-off-by: krutbhat@att.com
author: Kruthi Bhat <krutbhat@att.com> 2021-11-16 14:31:18 -0500
committer: Ikram Ikramullah <ikram@research.att.com> 2022-02-07 21:50:34 +0000
commit: 8cef7fbeed5b8f1255535fcf1cf0c7304df6d447 (patch)
tree: 3529d0c86f1e53c96af6a254bfba050436c566d0
parent: 703613901b1c8d9db5b7e5473b156eeb08e247c3 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
index e90f837d3..e445bac5c 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,23 @@
     <filter-name>charset-to-utf8-filter</filter-name>
     <url-pattern>/app/ui/*</url-pattern>
   </filter-mapping>
+      <filter>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+    <async-supported>true</async-supported>
+    <init-param>
+      <param-name>antiClickJackingEnabled</param-name>
+      <param-value>true</param-value>
+    </init-param>
+    <init-param>
+      <param-name>antiClickJackingOption</param-name>
+      <param-value>DENY</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
   <error-page>
     <error-code>404</error-code>
author	Kruthi Bhat <krutbhat@att.com>	2021-11-16 14:31:18 -0500
committer	Ikram Ikramullah <ikram@research.att.com>	2022-02-07 21:50:34 +0000
commit	8cef7fbeed5b8f1255535fcf1cf0c7304df6d447 (patch)
tree	3529d0c86f1e53c96af6a254bfba050436c566d0
parent	703613901b1c8d9db5b7e5473b156eeb08e247c3 (diff)