diff --git a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf index 6279943bd..0c0285ee2 100644 --- a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf +++ b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile.ui/src/main/resources/jaggeryapps/emm-web-agent/jaggery.conf @@ -98,6 +98,11 @@ { "name": "URLBasedCachePreventionFilter", "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter" + }, + { + "name":"HttpHeaderSecurityFilter", + "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter", + "params" : [{"name" : "hstsEnabled", "value" : "false"}] } ], "filterMappings": [ @@ -108,6 +113,36 @@ { "name": "URLBasedCachePreventionFilter", "url": "/enrollment/*" + }, + { + "name":"HttpHeaderSecurityFilter", + "url":"*" + } + ], + "listeners" : [ + { + "class" : "org.owasp.csrfguard.CsrfGuardServletContextListener" + }, + { + "class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener" + } + ], + "servlets" : [ + { + "name" : "JavaScriptServlet", + "class" : "org.owasp.csrfguard.servlet.JavaScriptServlet" + } + ], + "servletMappings" : [ + { + "name" : "JavaScriptServlet", + "url" : "/csrf.js" + } + ], + "contextParams" : [ + { + "name" : "Owasp.CsrfGuard.Config", + "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties" } ] }