From 8cef7fbeed5b8f1255535fcf1cf0c7304df6d447 Mon Sep 17 00:00:00 2001
From: Kruthi Bhat <krutbhat@att.com>
Date: Tue, 16 Nov 2021 14:31:18 -0500
Subject: Fix for Penetration test _ Session and cookie management

Change-Id: I5597f4e25acaf0352d66870911d6c99503a01229
Issue-ID: VID-987
Signed-off-by: krutbhat@att.com
---
 epsdk-app-onap/src/main/webapp/WEB-INF/web.xml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
index e90f837d3..e445bac5c 100755
--- a/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
+++ b/epsdk-app-onap/src/main/webapp/WEB-INF/web.xml
@@ -70,6 +70,23 @@
     <filter-name>charset-to-utf8-filter</filter-name>
     <url-pattern>/app/ui/*</url-pattern>
   </filter-mapping>
+      <filter>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+    <async-supported>true</async-supported>
+    <init-param>
+      <param-name>antiClickJackingEnabled</param-name>
+      <param-value>true</param-value>
+    </init-param>
+    <init-param>
+      <param-name>antiClickJackingOption</param-name>
+      <param-value>DENY</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>httpHeaderSecurity</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
   <error-page>
     <error-code>404</error-code>
-- 
cgit 1.2.3-korg